We need to check (and fix if not) the following from the UUF side:

- Preventing Improper Neutralization of CRLF Sequences in HTTP Headers
- Preventing Improper Output Neutralization for Logs

On Wed, Feb 1, 2017 at 2:18 PM, Indunil Upeksha Rathnayake <[email protected]> wrote:

> Hi,
>
> In the process of implementing C5 based products, we need to follow secure
> coding patterns, especially HTML encoding to prevent Cross-Site Scripting
> (XSS) etc. Since C5 based products are using the UUF framework, I think
> it's better to enforce most of the UI security best practices from the
> framework side.
>
> Is that support currently available in the framework? If so, what are the
> security considerations? If available, I think it's better if you can
> document it for reference.
>
> If you haven't considered it yet, you can refer to [1] and follow applicable
> guidelines when implementing. And also you can update [1] with the
> supported practices in UUF.
>
> [1] https://docs.google.com/document/d/1vhKMFRygUJwJ3cx-
> Bat3qVYRfTv-_ZyxaLXCLMGFDLY/edit#
>
> Thanks and Regards
> --
> Indunil Upeksha Rathnayake
> Software Engineer | WSO2 Inc
> Email [email protected]
> Mobile 0772182255
>

--
With regards,
*Manu*ranga Perera.

phone : 071 7 70 20 50
mail : [email protected]

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
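
Added example, not part of the thread and not UUF code: a Java sketch of the two checks named in the reply, rejecting CR/LF and other control characters in HTTP header values and escaping them before user-controlled data is written to a log. The class name `CrlfNeutralizer`, its method names and the sample strings are hypothetical and constructed for illustration.

```java
/** Added illustration; class and method names are hypothetical, not part of UUF. */
public final class CrlfNeutralizer {

    private CrlfNeutralizer() {}

    // CR, LF, NEL and the other C0/C1 controls, plus the Unicode line/paragraph separators.
    private static boolean breaksLine(char c) {
        return Character.isISOControl(c) || c == '\u2028' || c == '\u2029';
    }

    /** Header values: reject instead of rewriting, so tainted data never reaches the response. */
    public static String requireSafeHeaderValue(String name, String value) {
        if (value == null) {
            throw new IllegalArgumentException("Null value for header " + name);
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c != '\t' && breaksLine(c)) { // horizontal tab is legal inside a field value
                throw new IllegalArgumentException(
                        "Control character at index " + i + " in value of header " + name);
            }
        }
        return value;
    }

    /** Log output: keep the data, but escape it so one event always stays on one line. */
    public static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\\') out.append("\\\\");      // escape the escape character itself
            else if (c == '\r') out.append("\\r");
            else if (c == '\n') out.append("\\n");
            else if (breaksLine(c)) out.append(String.format("\\u%04x", (int) c));
            else out.append(c);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs, each carrying an embedded line break.
        System.out.println("login failed for user=" + forLog("bob\nINFO login ok for user=admin"));
        try {
            requireSafeHeaderValue("Content-Language", "en\r\nX-Constructed: 1");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Header values are rejected rather than rewritten because a silently altered header can change meaning, while log values are escaped so the original input stays available for investigation.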
