Opened 9 years ago
Closed 9 years ago
#882 closed defect (fixed)
Re-doing security for GS2
| Reported by: | ak19 | Owned by: | ak19 |
|---|---|---|---|
| Priority: | moderate | Milestone: | |
| Component: | Greenstone2 Runtime | Severity: | major |
| Keywords: | security | Cc: | |
Description
Preventing XSS the correct way.
Based on https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
securitytools.cpp based on OWASP's Java ESAPI: http://code.google.com/p/owasp-esapi-java/source/browse/trunk/src/main/java/org/owasp/esapi/codecs/
Changesets:
http://trac.greenstone.org/changeset/28888
http://trac.greenstone.org/changeset/28898
http://trac.greenstone.org/changeset/28899
http://trac.greenstone.org/changeset/28909
http://trac.greenstone.org/changeset/28911
http://trac.greenstone.org/changeset/28912
http://trac.greenstone.org/changeset/28913
http://trac.greenstone.org/changeset/28930
http://trac.greenstone.org/changeset/28948
http://trac.greenstone.org/changeset/28996
Initially we tried to use the OWASP C++ package. We no longer use it because when we tried it, a lot wasn't implemented yet, so we wrote our own C++ code for just the functions we needed in the new securitytools.cpp file.
Changesets to runtime-src back when we were trying to compile the owasp-for-c++ package: