Questions tagged [esapi]

ESAPI, the Enterprise Security API, is a library created by OWASP to fill gaps in the web security features of various programming languages. It offers a wide range of tools and functions for securing applications.

When applying the OWASP ESAPI encodeForHTMLAttribute method, I noticed that symbols are being rendered as their corresponding HTML entity numbers instead of the actual symbols

I recently started exploring OWASP ESAPI for preventing XSS and integrating the JavaScript version into my application. As per Rule #2 in the XSS prevention cheat sheet, it is recommended to "Attribute Escape" before inserting untrusted data into attribut ...

Is it safe to use handlebars' default escaping in HTML attributes?

Currently, I am working on a project where various HTML escaping methods are being utilized. Some properties are escaped in the backend and displayed as raw strings using triple handlebars {{{escaped-in-backend}}}, while others are passed from the backend ...