I’ve been pretty aware of the risks of SQL injection and am militant about keeping my database interactions clean. Mark Jaquith today reminded me about the need to make sure my browser output is filtered through clean_url(), sanitize_url(), and attribute_escape(). Furthermore, we all need to remember current_user_can(), check_admin_referer(), and nonces.
Posted August 16, 2008 by Casey Bisson
Categories: Technology. Tags: coding standards, Mark Jaquith, php, security, SQL injections, web security, WordCamp, wordpress, XSRF, xss.
The Mozilla docs on JavaScript security give a hint of hope that signed scripts will work around the cross-domain script exclusions that all good browsers enforce. But an item at DevArticles.com throws water on the idea:
Signed scripts are primarily useful in an intranet environment; they’re not so useful on the Web in general. To see [...]
Posted September 20, 2005 by Casey Bisson
Categories: Libraries & Networked Information, Technology. Tags: cross domain, cross domain script exclusion, cross domain scripting, internet security, intranet environment, javascript, javascript security, mozilla, security, security components, signed script, signed scripts, web scripting, web security, xdomain, xmlhttprequest.