What is encoding?

Feb 25, 2009 at 9:49 AM

I created the following blog post when preparing for a couple of talks on encoding data using AntiXSS and the SRE:

I would appreciate any feedback or comments here or on that post.



Feb 25, 2009 at 10:57 AM

Hi Kirk-


Dennis Groves here, the Project Manager of AntiXSS. It is a great post and thank you for the shout out... 

It is interesting to note that data input validation aka “trust no-one”; in not just a web application mantra; but should be the mantra of all developers. As you can read here <
http://cm.bell-labs.com/who/ken/trust.html> in 1984, Ken Thompson correctly identified this as an issue for all developers. This is the genuine state of security – 15 years later, and data input validation remains the most prevalent issue in developing secure software. If we could as a security industry get developers to just validate input – “ie trust no-one”; I fully believe that 80% of all security issues would immediately go-away.





Mar 6, 2009 at 2:06 AM
Hi Kirk,

Excellent blog on the issues of XSS. Have passed it onto our developers to have a read to understand the problem.