httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] Cross-site scripting implementation
Date Thu, 15 Dec 2011 06:46:52 GMT
On Thu, Dec 15, 2011 at 2:17 PM, Saeedahmed Subedar
<Saeedahmed.Subedar@birlasunlife.com> wrote:
> Inspite of the http server being cross-site scripting(xss) safe for most
> cases, need confirmation if xss filtering/prevention measures still need to
> be implemented on the application end..

Yes.  Your 99% of the time your application reads input and creates
output, so it needs to be where you're concerned with XSS.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message