SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 52

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 53

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For example, an application's strategy for avoiding Cross Site Scripting (XSS) vulnerabilities may include forbidding <script> tags in inputs. Such black-listing mechanisms are a useful part of a security strategy, even though they are insufficient for complete input validation and sanitization. When implemented, this form of validation must be performed only after normalizing the input.

Wiki Markup
Character information in Java 1.6 is based on the Unicode Standard, version 4.0 \[[Unicode 2003|AA. Bibliography#Unicode 2003]\]. Character information in Java 1.6 is based on the Unicode Standard, version 6.0.0 \[[Unicode 2011|AA. Bibliography#Unicode 2011]\].

Wiki Markup
According to the Unicode Standard \[[Davis 2008|AA. Bibliography#Davis 08]\], annex #15, Unicode Normalization Forms

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b7ac4eed0992140b-93158227-4b4f4e2c-b3368a4f-417dfed741f8636533ee4032"><ac:plain-text-body><![CDATA[

[[MITRE 2009

AA. Bibliography#MITRE 09]]

[CWE ID 289

http://cwe.mitre.org/data/definitions/289.html] "Authentication Bypass by Alternate Name" ]]></ac:plain-text-body></ac:structured-macro>

 

CWE ID 180 "Incorrect Behavior Order: Validate Before Canonicalize"

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="099d162cb1715b58-d9bce3e7-42144e82-b52c94ec-b94d247b3753fbe468d7dd52"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8f003728de6da752-a517a324-4d6f48cf-9d6b83a3-6fbe1df429c0dab5f80a439c"><ac:plain-text-body><![CDATA[

[[Davis 2008

AA. Bibliography#Davis 08]]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d44c0c07ce6caf69-c83f47b2-44c34daa-b578b361-326b43c21d455c48dad317e5"><ac:plain-text-body><![CDATA[

[[Weber 2009

AA. Bibliography#Weber 09]]

]]></ac:plain-text-body></ac:structured-macro>

...