Overview
This conference talk argues that, for XSS mitigation, untrusted HTML should be sanitized on the client side, in the browser that will render it, rather than on the server. It lays out the counterintuitive but compelling reasons why client-side sanitization is the sounder approach for HTML, walks through common pitfalls of server-side HTML sanitization using multiple real-world vulnerability examples, and explains why the usual security advice to validate on the server does not carry over to HTML sanitization specifically. The 27-minute presentation by Yaniv Nizry, hosted by the OWASP Foundation, offers practical guidance for web application security professionals who need to render user-generated HTML safely.
Syllabus
Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail - Yaniv Nizry
Taught by
OWASP Foundation