Reform Encoding Library

Michael Eddington (meddington@phed.org)


Web applications face any number of threats; one of them is cross-site scripting and related injection attacks.  90% of all web applications contain cross-site scripting vulnerabilities because they are easy to introduce, and the proper tools are not always available to prevent them.  There is no good single library that provides all the functions developers need to incorporate a fix into their code that will stand up to the test of time and continual research in the field.  The Reform library attempts to provide a solid set of functions for encoding output for the most common context targets in web applications (e.g. HTML, XML, JavaScript, etc.).  The library also takes a conservative view of which characters are allowable, based on historical vulnerabilities and current injection techniques.
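The approach described above, sketched as an added example (this is not code from the Reform library or its author): every character outside a small allowlist is encoded in the form the output context requires. The function names `html_encode` and `js_string`, the allowlist, and the sample input are assumptions made for illustration.

```python
# Added illustration; names and allowlist are assumptions, not Reform's API.
# Conservative allowlist: ASCII letters, digits and a few inert punctuation
# characters. Anything else is encoded, rather than denylisting "bad" ones.
SAFE = frozenset(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ,.-_"
)


def html_encode(value: str) -> str:
    """Encode for HTML element content and quoted attribute values."""
    # Numeric character references need no entity table and cover all of
    # Unicode, so quotes, angle brackets and '&' are all neutralised.
    return "".join(c if c in SAFE else f"&#{ord(c)};" for c in value)


def js_string(value: str) -> str:
    """Encode as a single-quoted JavaScript string literal."""
    out = []
    for c in value:
        cp = ord(c)
        if c in SAFE:
            out.append(c)
        elif cp <= 0xFF:
            # \xHH also hides '<' and '/', so "</script>" cannot end the block
            out.append(f"\\x{cp:02x}")
        elif cp <= 0xFFFF:
            out.append(f"\\u{cp:04x}")
        else:
            # Outside the BMP: emit a UTF-16 surrogate pair
            cp -= 0x10000
            out.append(f"\\u{0xD800 + (cp >> 10):04x}")
            out.append(f"\\u{0xDC00 + (cp & 0x3FF):04x}")
    return "'" + "".join(out) + "'"


# Constructed sample input: a quote, a closing tag and U+2028.
SAMPLE = "O'Brien </script> \u2028"

if __name__ == "__main__":
    print(html_encode(SAMPLE))  # for <p>...</p> or value="..."
    print(js_string(SAMPLE))    # for <script>var name = ...;</script>
```

The same input produces different output per context because each context has its own escape syntax; HTML entity encoding inside a script block would not protect the string literal.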

 

Project adopted by OWASP

This project has been adopted by OWASP; the new project page can be found here.


6 Responses to “Reform Encoding Library”

  1. [...] face any number of threats; one of them is cross-site scripting and related injection attacks. The Reform library attempts to provide a solid set of functions for encoding output for the most common context [...]

  3. Hi! I was reading about Ajax security and I found the Reform Library in OWASP, then I came here looking for help.

    I use JSON to send messages between PHP and JavaScript. I read also that for JSON I had to return it with an object on the outside. Ok.

    My question or doubt is “Do I still need to use Reform?” (I’m not sure if it’s only for XML responses)

    If so, please, can you give some little examples of where & how I can use it. I’ve been also looking for more information about this topic but still without good results. That’s why I came to the source.

    Thanks :)

  6. [...] : http://phed.org/reform-encoding-library/ [!] Report this snippet Processing your request, Please [...]
