Versions Compared

Comment: voided, info folded into intro

...

This compliant solution defines a ValidateOutput class that normalizes the output to a known character set, performs output validation using a white-list, and encodes any non-specified data values to enforce a double-checking mechanism. Different fields may require different white-listing patterns [OWASP 2008].
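The normalize, white-list, then encode sequence described above, sketched as an added example; this is not the page's own ValidateOutput code. The class name, the two field patterns and the sample values are assumptions made for illustration.

```java
import java.text.Normalizer;
import java.util.regex.Pattern;

// Added illustration; class, field and pattern names are assumptions.
public class OutputCheckExample {
    // Per-field white-lists (assumed): a name field and a free-text comment field.
    static final Pattern NAME = Pattern.compile("[\\p{L}\\p{Nd} ]{0,40}");
    static final Pattern COMMENT = Pattern.compile("[\\p{L}\\p{Nd} .,'&!?-]{0,200}");

    // Normalize first so compatibility forms (for example fullwidth '<')
    // are folded to their plain equivalents before the white-list is applied.
    static String normalize(String s) {
        return Normalizer.normalize(s, Normalizer.Form.NFKC);
    }

    // Second layer: encode every code point that is not a letter, digit or space.
    static String htmlEncode(String s) {
        StringBuilder sb = new StringBuilder();
        s.codePoints().forEach(cp -> {
            if (Character.isLetter(cp) || Character.isDigit(cp) || cp == ' ') {
                sb.appendCodePoint(cp);
            } else {
                sb.append("&#").append(cp).append(';');
            }
        });
        return sb.toString();
    }

    // Normalize, reject anything outside the field's white-list, then encode.
    static String validate(String field, Pattern whitelist, String value) {
        String canonical = normalize(value);
        if (!whitelist.matcher(canonical).matches()) {
            throw new IllegalArgumentException("Improper format in " + field + " field");
        }
        return htmlEncode(canonical);
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.out.println(validate("name", NAME, "Alice 42"));
        System.out.println(validate("comment", COMMENT, "Tom & Jerry's"));
        try {
            validate("name", NAME, "\uFF1Cscript\uFF1E"); // fullwidth angle brackets
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The comment field's white-list admits `&` and `'`, which the encoding step still converts to numeric entities, while the fullwidth brackets only fail the name white-list because normalization ran first.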

...

Bibliography

[MITRE 2009] CWE ID 116 (http://cwe.mitre.org/data/definitions/116.html), "Improper Encoding or Escaping of Output"
[OWASP 2008] How to add validation logic to HttpServletRequest (http://www.owasp.org/index.php/How_to_add_validation_logic_to_HttpServletRequest), XSS (Cross Site Scripting) Prevention Cheat Sheet (http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#Escaping_.28aka_Output_Encoding.29)

...

IDS11-J. Sanitize Eliminate non-character code points before performing other sanitizationvalidation