ENTRIES TAGGED "xss"
New Browser, Google APIs, NFC Checkin, and XSS Prevention
- Mozilla Home Dash — love this experiment in rethinking the browser from Mozilla. They call it a “browse-based browser” as opposed to “search-based browser” (hello, Chrome). Made me realize that, with Chrome, Google’s achieved a 0-click interface to search: you search without meaning to as you type in URLs, you see advertising results without ever having visited a web site.
- Periodic Table of Google APIs — cute graphic, part of a large push from Google to hire more outreach engineers to do evangelism, etc. The first visible signs of Google’s hiring binge.
- NFC in the Real World (Dan Hill) — smooth airline checkin with fobs mailed to frequent fliers.
- XSS Prevention Cheat Sheet (OWASP) — HTML entity encoding doesn’t work if you’re putting untrusted data inside a script tag anywhere, or an event handler attribute like onmouseover, or inside CSS, or in a URL. So even if you use an HTML entity encoding method everywhere, you are still most likely vulnerable to XSS. You MUST use the escape syntax for the part of the HTML document you’re putting untrusted data into. That’s what the rules below are all about. (via Hacker News)
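
The event handler case from the last item, as an added example that is not code from the OWASP cheat sheet or from this post: the HTML parser decodes entities in an attribute value before the JavaScript engine sees the handler text, so an entity-encoded quote comes back as a real quote. The function names, the simplified entity decoder and the probe string are assumptions constructed for this demonstration.

```javascript
// Added example; names and the probe input are constructed for illustration.
const ENT = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"' };

// Encoder for the HTML body / quoted-attribute context only.
function encodeForHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENT[c]);
}

// Encoder for a quoted JavaScript string: every non-alphanumeric UTF-16
// code unit becomes \uXXXX, so no quote, backslash or newline survives.
// The output contains nothing that HTML attribute decoding would change.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Simplified model of what the HTML parser does to an attribute value
// before an event handler's text reaches the JavaScript engine.
function decodeHtmlAttribute(s) {
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|amp|lt|gt|quot);/gi, (m, ref) => {
    if (ref[0] !== '#') return NAMED[ref.toLowerCase()];
    const hex = ref[1] === 'x' || ref[1] === 'X';
    return String.fromCodePoint(parseInt(ref.slice(hex ? 2 : 1), hex ? 16 : 10));
  });
}

// Template under test: <div onmouseover="show('UNTRUSTED')">
// show() and probe() are stand-ins so the outcome can be observed.
function renderAndRun(encoder, untrusted) {
  const attrValue = "show('" + encoder(untrusted) + "')";
  const handlerSource = decodeHtmlAttribute(attrValue);
  const result = { shown: [], probeCalled: false, handlerSource };
  new Function('show', 'probe', handlerSource)(
    (v) => result.shown.push(v),
    () => { result.probeCalled = true; });
  return result;
}

// Constructed input: data that should only ever be displayed.
const PROBE = "x'); probe(); //";

console.log(renderAndRun(encodeForHtml, PROBE));     // data escapes the string
console.log(renderAndRun(encodeForJsString, PROBE)); // data stays data
```

With the HTML encoder the handler calls `probe()`; with the JavaScript-string encoder `show()` receives the original text unchanged and nothing else runs.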