security XSS - ISS-Security/class-SEC GitHub Wiki
Cross-site Scripting (XSS)
XSS Concepts
- Cross-site Scripting (XSS) Attack
- What is Cross-site Scripting?
- The Theory of XSS
- XSS Attack Vectors
- Is your site vulnerable to Cross-site Scripting?
- Example of a Cross-site Scripting Attack
XSS JavaScript helpers
XSS Prevention
- Prevention Examples
- Example of XSS in Sinatra
- Prevention tips
- Escaping HTML in Ruby
- Sanitize gem
- sanitize for HTML fragments and documents, CSS stylesheets
- specify tags as exceptions