Reform Encoding Library
Michael Eddington (meddington@phed.org)
Web applications face any number of threats; one of them is cross-site scripting and related injection attacks. 90% of all web applications contain cross-site scripting vulnerabilities because they are easy to introduce, and the proper tools are not always available to prevent them. There is no good single library that provides all the functions developers need to incorporate a fix into their code that will stand up to the test of time and continual research in the field. The Reform library attempts to provide a solid set of functions for encoding output for the most common context targets in web applications (e.g. HTML, XML, JavaScript, etc.). The library also takes a conservative view of which characters are allowable, based on historical vulnerabilities and current injection techniques.
Project adopted by OWASP
This project has been adopted by OWASP; the new project page can be found here
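
The conservative, per-context encoding described above can be illustrated as follows. This is an added example, not Reform's own code: the function names and the exact safe character set are assumptions chosen for the illustration. Every character outside the safe set is numerically escaped in the form the target context (HTML or a JavaScript string) understands.

```python
# Added illustration of allowlist output encoding; NOT the Reform source code.
import string

# Assumed conservative allowlist: ASCII letters, digits and a little punctuation.
SAFE = frozenset(string.ascii_letters + string.digits + " ,.-_")


def html_encode(value: str) -> str:
    """Encode for HTML element content or a quoted attribute value."""
    return "".join(c if c in SAFE else f"&#{ord(c)};" for c in value)


def js_string(value: str) -> str:
    """Encode as a complete single-quoted JavaScript string literal."""
    out = []
    for c in value:
        cp = ord(c)
        if c in SAFE:
            out.append(c)
        elif cp < 0x100:
            out.append(f"\\x{cp:02x}")
        elif cp < 0x10000:
            out.append(f"\\u{cp:04x}")
        else:
            # Outside the BMP: emit a UTF-16 surrogate pair.
            cp -= 0x10000
            out.append(f"\\u{0xD800 + (cp >> 10):04x}"
                       f"\\u{0xDC00 + (cp & 0x3FF):04x}")
    return "'" + "".join(out) + "'"


def render(value: str) -> str:
    """Place one untrusted value into two contexts, each with its own encoder."""
    return (f'<input name="q" value="{html_encode(value)}">\n'
            f"<script>var q = {js_string(value)};</script>")


# Constructed sample input containing characters that are special in both contexts.
UNTRUSTED = "O'Brien </script> \"a&b\""

if __name__ == "__main__":
    print(render(UNTRUSTED))
```

The same value needs a different encoder in each context: HTML entities are not decoded inside a `<script>` block, and JavaScript escapes mean nothing in an attribute value.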

Hi! I was reading about Ajax security and I found the Reform Library in OWASP, then I came here looking for help.
I use JSON to send messages between PHP and JavaScript. I also read that for JSON I had to return it with an object on the outside. Ok.
My question or doubt is “Do I still need to use Reform?” (I’m not sure if it’s only for XML responses)
If so, please, can you give some little examples of where & how I can use it? I’ve also been looking for more information about this topic but still without good results. That’s why I came to the source.
Thanks :)