SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 106

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 107

changes.mady.by.user Fred Long

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added an Android Implmentation Details section

...

ISO/IEC TR 24772:2013

Cross-site Scripting [XYT]

MITRE CWE

CWE-289, Authentication bypass by alternate name
CWE-180, Incorrect behavior order: Validate before canonicalize

Android Implmentation Details

Android apps can receive string data from the outside and normalize it.

Bibliography

[API 2006]

Java Platform, Standard Edition 6 API Specification

[Davis 2008]

 

[Weber 2009]

Exploiting Unicode-enabled Software

...