Escape / ?

Open. danielcompton opened this issue 9 years ago • 1 comment

OWASP recommend escaping forward slashes as well. Would you be happy to take a PR for this?

https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content

danielcompton, Feb 04 '16 19:02

Maybe... It doesn't make a very strong case for that recommendation, but on the other hand I don't see the harm in it, either.

weavejester, Feb 06 '16 04:02