Fixed typos

xanderhades
2018-01-29 17:25:19 -05:00
committed by Nanne Baars
parent 408a637649
commit 7b5bb6d6f1
7 changed files with 10 additions and 10 deletions

@ -2,10 +2,10 @@
=== Why?
Hopefully we've covered that by now. Bottom line, you don't want someone else's code running in the context of your users and their logged-in seession
Hopefully we've covered that by now. Bottom line, you don't want someone else's code running in the context of your users and their logged-in session
=== What to encode?
The basic premise of defending against XSS is *output endoding* any untrusted input that goes to the screen.
The basic premise of defending against XSS is *output encoding* any untrusted input that goes to the screen.
That may be changing with more sophisticated attacks, but is still the best defense we currently have. *AND* ... *context matters*
Another word on 'untrusted input'. If in doubt, treat everything (even data you populated in your DB as untrusted).
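Review bot: the trailing context line "If in doubt, treat everything (even data you populated in your DB as untrusted)." has a misplaced closing parenthesis that changes the reading; since this commit is a typo pass over the same paragraph, consider fixing it here as "treat everything (even data you populated in your DB) as untrusted." The two corrections that are in the hunk ("seession" to "session", "endoding" to "encoding") are right, and the preceding context line "*AND* ... *context matters*" could also take a terminating period while the file is open. The hunk header as rendered lacks a file name, so it is not visible which of the seven changed files this paragraph belongs to; the commit message "Fixed typos" could list the lesson files touched.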