[FLOW3-general] Security framework for escaping/encoding output?

Helmut Hummel helmut at typo3.org
Fri Sep 17 17:47:37 CEST 2010


Hi,

while again having a look into the nice ESAPI framework[1], I wondered
if anything similar is already present in FLOW3.

Having such an API in place does not only provide proper escaping, but
also raises awareness that escaping has to be done respecting the
context where untrusted data is ultimately landing.[2][3][4]

Would be nice if someone could tell me if something is there so that I
can have a look at it.

If nothing is there yet, using ESAPI (at least parts of it) should be
seriously considered.

Regards Helmut

[1]http://code.google.com/p/owasp-esapi-php/wiki/Welcome
[2]http://code.google.com/docreader/#p=doctype&s=doctype&t=ArticlesXSS
[3]http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
[4]http://acko.net/blog/safe-string-theory-for-the-web
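The point raised above about escaping according to the context where untrusted data lands, as an added example that is not part of the original post and is neither FLOW3 nor ESAPI code: the same constructed input is encoded four different ways for the HTML body, a quoted HTML attribute, a JavaScript string literal and a URL query parameter, using only PHP's built-in functions. The function names and the sample value are assumptions made for this illustration.

```php
<?php
// Added example (not FLOW3 or ESAPI code): one untrusted value encoded
// for four different output contexts. Each context has its own rules,
// so a single "escape everything" call cannot be correct for all of them.

// Constructed sample input: a value that is harmful in every context if
// written out unencoded.
$untrusted = '"><script>alert(1)</script>&foo=bar';

// HTML body context: encode the characters HTML treats as markup.
function encodeForHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Quoted HTML attribute context: same character set as the body, but the
// caller must always wrap the value in double quotes, otherwise a space
// is enough to start a new attribute.
function encodeForHtmlAttribute(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// JavaScript string literal context: json_encode yields a quoted JS
// string; the JSON_HEX_* flags additionally encode < > & ' " as \uXXXX
// so the literal stays safe even when the script is inline in HTML and
// the HTML parser sees "</script>" before the JS engine does.
function encodeForJavaScript(string $s): string
{
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// URL query parameter context: percent-encode everything outside the
// RFC 3986 unreserved set, so "&" and "=" cannot add or split parameters.
function encodeForUrlParameter(string $s): string
{
    return rawurlencode($s);
}

// Assemble a fragment in which the same value lands in each context.
// Note the nested context in the last line: the value is first encoded
// for the URL, and that result is then encoded for the attribute it sits in.
$html = '<p>' . encodeForHtml($untrusted) . '</p>' . "\n"
      . '<input value="' . encodeForHtmlAttribute($untrusted) . '">' . "\n"
      . '<script>var v = ' . encodeForJavaScript($untrusted) . ';</script>' . "\n"
      . '<a href="/search?q=' . encodeForHtmlAttribute(encodeForUrlParameter($untrusted)) . '">link</a>' . "\n";

echo $html;
```

Running the script prints the four lines with the input rendered inert in each one; swapping the encoders (for instance using encodeForHtml inside the script block) leaves the quote characters unhandled for JavaScript, which is exactly the class of mistake a context-aware API is meant to make visible.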
