httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Saeedahmed Subedar <Saeedahmed.Sube...@birlasunlife.com>
Subject RE: [users@httpd] Cross-site scripting implementation
Date Thu, 15 Dec 2011 09:36:14 GMT
Thanks.


Regards,

SaeedAhmed Subedar,
BSLI


-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com]
Sent: Thursday, December 15, 2011 12:17 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Cross-site scripting implementation

On Thu, Dec 15, 2011 at 2:17 PM, Saeedahmed Subedar
<Saeedahmed.Subedar@birlasunlife.com> wrote:
> Inspite of the http server being cross-site scripting(xss) safe for most
> cases, need confirmation if xss filtering/prevention measures still need to
> be implemented on the application end..

Yes.  Your 99% of the time your application reads input and creates
output, so it needs to be where you're concerned with XSS.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

The information contained in this electronic communication is intended solely for the individual(s)
or entity to which it is addressed. It may contain proprietary, confidential and/or legally
privileged information. Any review, retransmission, dissemination, printing, copying or other
use of, or taking any action in reliance on the contents of this information by person(s)
or entities other than the intended recipient is strictly prohibited and may be unlawful.
If you have received this communication in error, please notify us by responding to this email
or telephone and immediately and permanently delete all copies of this message and any attachments
from your system(s). The contents of this message do not necessarily represent the views or
policies of Aditya Birla Group. Computer viruses can be transmitted via email. Aditya Birla
Group Companies attempts to sweep e-mails and attachments for viruses, it does not guarantee
that either are virus free. The recipient should check this email and any attachments for
the presence of viruses. Aditya Birla Group does not accept any liability for any damage sustained
as a result of viruses.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message