1) Set the attributes below on the session cookie:
expires=
domain=
path=
secure
HttpOnly
2) Store only an opaque session ID / token in the cookie rather than meaningful application values.
3) Validate user input against a whitelist (allow-list) of permitted values.
4) Use encoding functions such as HtmlEncode on output so that dangerous characters (e.g. "<" and ">") are rendered as text instead of markup.
TIP: Anti-XSS libraries can be used to mitigate the risk of Cross Site Scripting with little effort.