Support "2.5 Security libraries" of MSVP #1691

cmlh · 2023-07-13T01:06:22Z

cmlh
Jul 13, 2023

"2.5 Security libraries" of MVSP is reproduced below:

2.5 Security libraries
Use frameworks, template languages, or libraries that systemically address implementation weaknesses by escaping the outputs and sanitizing the inputs

Example: ORM for database access, UI framework for rendering DOM

The parent of this [MVSP] issue is #1151.

cmlh · 2023-07-13T01:11:39Z

cmlh
Jul 13, 2023
Author

Requirement 5.2.1 of ASVS 5.0 states "Verify that all untrusted HTML input from WYSIWYG editors or similar is properly sanitized with an HTML sanitizer library or framework feature."

V5.1 Input Validation and V5.3 Output Encoding and Injection Prevention also provide guidance.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support "2.5 Security libraries" of MSVP #1691

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Support "2.5 Security libraries" of MSVP #1691

cmlh Jul 13, 2023

Replies: 1 comment

cmlh Jul 13, 2023 Author

cmlh
Jul 13, 2023

cmlh
Jul 13, 2023
Author