-
### Description
While the new CSRF prevention feature can help with handling reflected XSS attacks, Qute can help with getting the recorded HTML fragments sanitized via some of its customization opti…
-
Vulnerable Library - bootstrap-3.3.7.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/lib…
-
We should pull this library and viewtool into the core
https://github.com/dotcms-plugins/com.dotcms.owasp.encoder
When we pull this and the library in, we need to replace the methods in this cla…
-
```
# ./bin/gauntlt-docker ../security-testing-class/attacks/xss/xss.attack
/var/lib/gems/2.3.0/gems/gauntlt-1.0.13/lib/gauntlt/runtime.rb:20:in `initialize': No files found in path: ../security-testi…
```
-
This CSP can be easily added in GitHub Pages [as explained here](https://qszhuan.github.io/technology/2015/08/12/add_csp_to_github_blog) and would add more security to the site by protecting users aga…
-
### Is there an existing issue for this topic?
- [X] I have searched the existing issues
### Description
I'd love to see the [Content-Security-Policy-Header (CSP)](https://developer.mozilla.o…
-
See gtanner's comment in blackberry-webworks/BB10-WebWorks-Framework#18
-
Cross-site scripting (XSS) attacks can occur if untrusted input is not escaped. This applies to templates as well as code. The jinja2 templates may be vulnerable to XSS if the environment has autoesca…
-
Vulnerable Library - Jinja2-3.1.2-py3-none-any.whl
A very fast and expressive template engine.
Library home page: https://files.pythonhosted.org/packages/bc/c3/f068337a370801f372f2f8f6bad74a5c140f6f…
-
### Is your feature request related to a problem? Please describe.
## Problem Statement:
### Rate Limiting
Without rate limiting, the server is vulnerable to abuse, such as brute-force attacks, b…