On Monday, September 2, 2013 8:10:10 PM UTC-6, Nelson Morris wrote:
Several of Yesod's responses to other items on the list are humorous in
their vagueness, but in my experience for clojure:
1. Injection: Done by JDBC's prepared statements, and clojure.jdbc's use
of them
2. XSS
clojars uses
https://github.com/ato/clojars-web/blob/master/src/clojars/web/safe_hiccup.clj
which automatically escapes.
But that double escapes attribute values if you don't put them in raw-calls.
On Monday, September 2, 2013 6:32:59 AM UTC+2, Ivan Kozik wrote:
On Sun, Sep 1, 2013
On Mon, Sep 2, 2013 at 6:25 AM, abp abp...@gmail.com wrote:
clojars uses https://github.com/ato/clojars-web/blob/master/src/clojars/web/safe_hiccup.clj
which automatically escapes.
But that double escapes
Hej everyone!
After a short but interesting discussion (http://clojure-log.n01se.net/#14:27)
on
#clojure I'd like to pose some security related questions to a larger
audience.
This is mostly about user-facing web applications.
First some short background: In the main web framework I use,
Vincent,
On Sun, Sep 1, 2013 at 8:06 PM, Vincent Ambo taz...@gmail.com wrote:
* *Where are these things being discussed* in the Clojure community?
Googling things like Clojure web security brings up almost nothing.
Some discussions on this have started on the clojure-sec google group here:
On Sun, Sep 1, 2013 at 7:06 PM, Vincent Ambo taz...@gmail.com wrote:
* How and where do we prevent XSS attacks? Do we have templating engines
that escape things unless told otherwise, or - if not - do these features
exist in the form of a helper function? If yes, where? (And so on...)
clojars