Posted by felipegaucho
on November 2, 2005 at 10:53 AM PST
Web application security vulnerabilities are a tricky area that needs creative solutions. Several frameworks solve a lot of problems for you, and that may leave you with a weak perception of what really happens in the underlying code. This entry comments on the Html Injection Filter, a set of classes that prevent HTML injection into the Cejug-Classifieds project.
A holiday in Brazil: a good moment to taste crab aperitifs on the sunny beach and to fix some old issues in the code of my open source projects. Some of these issues revealed subtle gaps in our traditional programming, like web application security vulnerabilities. Reviewing the code of Cejug-Classifieds, I noticed the lack of control over HTML injection and decided to dedicate my afternoon to fixing that gap. This blog entry describes my first effort to reinforce the security of my project's code, and it should evolve in the coming weeks. It is an opportunity to share my project decisions with you, and I also hope to learn more about the subject.
Reading the excellent paper of Stephen Enright, I started to design a general solution to HTML injection, adapting the paper's tips to the patterns I