Preventing XSS Vulnerabilities in Web Frameworks

The protection offered by web frameworks is only useful if it is enabled. On several occasions I’ve seen developers explicitly disable the ‘safe’ output mechanisms provided by the framework.
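
An added example, not code from the original post: a small static check in Python that flags places where a framework's default output escaping has been switched off or bypassed. The frameworks and idioms covered (Jinja2/Django, Rails, ASP.NET Razor, React, Vue, Angular) and the sample files are assumptions chosen for illustration, since the post names no specific framework.

```python
import re

# Idioms that switch off or bypass a framework's default HTML escaping.
# Which frameworks to cover is an assumption of this example; the list is not exhaustive.
RULES = [
    ("jinja2/django: |safe filter", re.compile(r"\{\{[^}]*\|\s*safe\b")),
    ("jinja2/django: autoescape off", re.compile(r"\{%-?\s*autoescape\s+(off|false)\b", re.I)),
    ("jinja2: autoescape=False", re.compile(r"\bautoescape\s*=\s*False\b")),
    ("django: mark_safe()", re.compile(r"\bmark_safe\s*\(")),
    ("rails: html_safe / raw", re.compile(r"\.html_safe\b|<%=\s*raw[\s(]")),
    ("asp.net razor: Html.Raw()", re.compile(r"\bHtml\.Raw\s*\(")),
    ("react: dangerouslySetInnerHTML", re.compile(r"\bdangerouslySetInnerHTML\b")),
    ("vue: v-html", re.compile(r"\bv-html\s*=")),
    ("angular: bypassSecurityTrustHtml", re.compile(r"\bbypassSecurityTrustHtml\s*\(")),
]

def scan(files):
    """Return (path, line_no, rule, text) for every line that disables escaping."""
    findings = []
    for path, source in files.items():
        for line_no, line in enumerate(source.splitlines(), start=1):
            for rule, pattern in RULES:
                if pattern.search(line):
                    findings.append((path, line_no, rule, line.strip()))
    return findings

# Constructed sample input: file name -> file contents.
SAMPLE = {
    "templates/profile.html": (
        "<h1>{{ user.name }}</h1>\n"
        "<div>{{ user.bio|safe }}</div>\n"
        "{% autoescape off %}{{ comment }}{% endautoescape %}\n"
    ),
    "app/render.py": "env = Environment(loader=loader, autoescape=False)\n",
    "views/Item.cshtml": "<p>@Model.Title</p>\n<p>@Html.Raw(Model.Description)</p>\n",
    "src/Comment.jsx": "<div dangerouslySetInnerHTML={{__html: body}} />\n",
    "templates/ok.html": "<p>{{ message }}</p>\n",
}

if __name__ == "__main__":
    for path, line_no, rule, text in scan(SAMPLE):
        print(f"{path}:{line_no}: {rule}: {text}")
```

A finding is a prompt for review rather than a confirmed vulnerability: each flagged line needs a check that the value being rendered is never attacker-controlled or is sanitised before it reaches the template.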