Questions tagged [owasp]

OWASP is on a mission to educate the public about application security, striving to raise awareness on potential online threats.

Denied from being displayed in a frame due to a violation of the Content Security Policy directive by a parent element

I'm in the process of developing a Salesforce app that is displayed within an iframe on a Salesforce page. I am using a node express server to render this page. In order to ensure security compliance, I want the app to only display within the Salesfor ...

In my Angular application, the Authentication JWT is securely stored by Firebase within the Session Storage. Does this implementation pose any security risks?

In order to enhance the user experience of our Angular app, we have integrated Firebase Authentication with Session Persistence. This ensures that users don't need to log in again every time they refresh the page. As part of this process, we store the auth ...

When applying the OWASP ESAPI encodeForHTMLAttribute method, I noticed that symbols are being rendered as their corresponding HTML entity numbers instead of the actual symbols

I recently started exploring OWASP ESAPI for preventing XSS and integrating the JavaScript version into my application. As per Rule #2 in the XSS prevention cheat sheet, it is recommended to "Attribute Escape" before inserting untrusted data into attribut ...