TIL: OWASP Cheatsheets

2023-08-17

This came up while filing a doc bug on a related topic: why do Jinja and Tera templates automatically escape the contents of variable references when rendering them in a potential URL or HTML context?

Tera's auto-escaping behavior follows the recommendations of the OWASP Cross-Site Scripting (XSS) cheatsheet page. The cheatsheet's context is content generated by JavaScript, where the data being rendered may be attacker-controlled. The Zola static site generator uses Tera in a context that doesn't expose this data to the same attacks as dynamically generated web content.
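To make the cheatsheet's point concrete, here is a small Python example written for this post (it is not Jinja, Tera or Zola code): a toy `{{ var }}` renderer whose filter names are this example's own, rendering a constructed attacker-controlled value into an HTML body and a URL query parameter with auto-escaping switched off and on. Each output context gets the encoding the OWASP XSS cheatsheet recommends for it.

```python
import html
import re
from urllib.parse import quote

# Constructed stand-in for a templating engine: a {{ var }} renderer that
# applies per-context output encoding. This is not Jinja or Tera code and the
# filter names are this example's own:
#   {{ name }}         -> HTML escaping (element content and quoted attributes)
#   {{ name | url }}   -> percent-encoding for a URL query-string component
#   {{ name | safe }}  -> no escaping (the explicit opt-out)
TAG_RE = re.compile(r"\{\{\s*(\w+)\s*(?:\|\s*(\w+)\s*)?\}\}")


def escape_html(value) -> str:
    # quote=True also converts ' and " so the value is inert inside quoted
    # attribute values, not only between tags.
    return html.escape(str(value), quote=True)


def escape_url(value) -> str:
    # safe="" percent-encodes every reserved character (including / & = ?),
    # so the value stays a single query parameter rather than restructuring
    # the URL around it.
    return quote(str(value), safe="")


FILTERS = {None: escape_html, "url": escape_url, "safe": str}


def render(template: str, context: dict, autoescape: bool = True) -> str:
    """Substitute each {{ tag }} with its (escaped) value.

    With autoescape=False, references without a filter are emitted raw,
    which is what an engine does when auto-escaping is turned off.
    """
    def substitute(match):
        name, filt = match.group(1), match.group(2)
        value = context[name]
        if filt is None and not autoescape:
            return str(value)
        if filt not in FILTERS:
            raise ValueError(f"unknown filter: {filt}")
        return FILTERS[filt](value)

    return TAG_RE.sub(substitute, template)


# Constructed sample: one template rendered with a value an attacker could
# supply (e.g. a search query), once with auto-escaping off and once with it on.
TEMPLATE = '<a href="/search?q={{ query | url }}">{{ query }}</a>'
UNTRUSTED = {"query": '"><script>alert(1)</script>'}


def compare() -> dict:
    return {
        "raw": render(TEMPLATE, UNTRUSTED, autoescape=False),
        "escaped": render(TEMPLATE, UNTRUSTED),
    }


if __name__ == "__main__":
    for label, output in compare().items():
        print(f"{label}: {output}")
```

In the "raw" rendering the `<script>` element survives into the page; in the "escaped" rendering every `<`, `>` and `"` in the HTML body has become an entity and the same value inside the `href` has been percent-encoded, so the markup the author wrote is the only markup the browser sees. The `safe` filter is the deliberate opt-out that Jinja and Tera also provide, which is why auto-escaping by default is the safer setting for engines that may render untrusted data.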

But the XSS page is only one entry in a much bigger series.

OWASP Cheatsheet Series: https://cheatsheetseries.owasp.org/ (the site also has a "download whole site" link, bundle.zip, and an Atom RSS feed, News.xml!)

OWASP Cheatsheet Project Home: https://owasp.org/www-project-cheat-sheets/ (an OWASP "Flagship Project")

So: Today I Learned about the OWASP Cheatsheet Series, and now you did too.
