sander/notes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update sectraining.md

Browse source
This commit is contained in:
Sander Hautvast 2024-02-05 10:31:54 +01:00 committed by GitHub
parent 5c9876ad8a
commit addf4f6a94
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 7 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
sectraining.md
View file

@ -22,10 +22,10 @@ JavaScript frameworks (e.g., Angular, React) or server-side templating systems (
|context|vulnerable code | java | |context|vulnerable code | java |
|---|---|---| |---|---|---|
|HTML Body |<div>USER-CONTROLLED-DATA</div> | `Encode.forHtml` | |HTML Body |&lt;div>USER-CONTROLLED-DATA</div> | `Encode.forHtml` |
|HTML Attribute| <input type="text" value="USER-CONTROLLED-DATA"> |`Encode.forHtmlAttribute`| |HTML Attribute| &lt;input type="text" value="USER-CONTROLLED-DATA"> |`Encode.forHtmlAttribute`|
|URL Parameter| <a href="/search?value=USER-CONTROLLED-DATA">Search</a> |`Encode.forUriComponent`| |URL Parameter| &lt;a href="/search?value=USER-CONTROLLED-DATA">Search</a> |`Encode.forUriComponent`|
|CSS String |<div style="width: USER-CONTROLLED-DATA;">Selection</div>| `Encode.forCssString`| |CSS String |&lt;div style="width: USER-CONTROLLED-DATA;">Selection</div>| `Encode.forCssString`|
|CSS URL| <div style="background: USER-CONTROLLED-DATA "> |`Encode.forCssUrl`| |CSS URL| &lt;div style="background: USER-CONTROLLED-DATA "> |`Encode.forCssUrl`|
|JavaScript Block |<script>alert("USER-CONTROLLED-DATA")</script>| `Encode.forJavaScriptBlock`| |JavaScript Block |&lt;script>alert("USER-CONTROLLED-DATA")</script>| `Encode.forJavaScriptBlock`|
|JavaScript Variable |<button onclick="alert('USER-CONTROLLED-DATA');">click me</button> |`Encode.forJavaScriptVariable`| |JavaScript Variable |&lt;button onclick="alert('USER-CONTROLLED-DATA');">click me</button> |`Encode.forJavaScriptVariable`|