Requirement 5.2.1 of ASVS 5.0 states "Verify that all untrusted HTML input from WYSIWYG editors or similar is properly sanitized with an HTML sanitizer library or framework feature." V5.1 Input Validation and V5.3 Output Encoding and Injection Prevention also provide guidance.
"2.5 Security libraries" of MVSP is reproduced below:
2.5 Security libraries
Use frameworks, template languages, or libraries that systemically address implementation weaknesses by escaping the outputs and sanitizing the inputs
Example: ORM for database access, UI framework for rendering DOM

The parent of this [MVSP] issue is #1151.