
...
In this case the trust boundary lies between the untrusted data and the CGI script, and the trusted domain is the web browser, or rather the HTML parsing and rendering engine within it.
Noncompliant Code Example (Taint Mode)
Taint mode neither detects nor prevents the XSS: it does not stop tainted data from being printed to standard output.
Compliant Solution (XSS)
To prevent injection of HTML, JavaScript, or malicious images, any untrusted input must be sanitized. This compliant solution sanitizes the input using the escapeHTML() subroutine from the CGI library.
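The compliant solution above, together with the taint-mode point from the noncompliant example, as an added illustration that is not code from the CERT page. It assumes the CGI module (CGI.pm) is installed and is run as `perl -T greet.pl`, so the command-line argument stands in for a tainted CGI parameter; `greeting_html` is a hypothetical helper name.

```perl
use strict;
use warnings;
use CGI;
use Scalar::Util qw(tainted);

# Builds the HTML fragment for the greeting. The untrusted value is passed
# through CGI::escapeHTML(), which rewrites & < > " and ' as entity
# references, so the browser's parser renders it as text, not as markup.
sub greeting_html {
    my ($untrusted_name) = @_;
    my $safe = CGI::escapeHTML($untrusted_name);
    return "<p>Hello, $safe</p>";
}

# Constructed sample input containing markup characters; an argument on the
# command line replaces it when one is given.
my $name = @ARGV ? $ARGV[0] : q{<b>Alice</b> & "Bob"};

# Under -T, data from @ARGV (like a CGI parameter) is tainted, yet print
# accepts it unchanged: taint mode only guards calls such as system() or
# open(), which is why it cannot stop the XSS on its own.
printf "tainted: %s\n", tainted($name) ? 'yes' : 'no';

# Noncompliant form for comparison (left commented out): interpolating
# $name directly would pass any markup it contains straight to the browser.
# print "<p>Hello, $name</p>\n";

# Compliant form: only the escaped value reaches the response body.
print greeting_html($name), "\n";
```

Run without `-T` the script still works, but `tainted` reports `no`; the escaping step is what actually neutralizes the markup either way.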
...
Tool | Diagnostic | Notes |
---|---|---|
Taint Mode | Insecure dependency in parameter \d* of DBI::db=.* method call | Catches SQL injection. Requires |
...
Related Guidelines
The CERT Oracle Secure Coding Standard for Java | IDS00-J. Sanitize untrusted data passed across a trust boundary |
...