I have been using the AntiSamy library (from OWASP) for preventing XSS in an existing web application.
Can someone advise me to help me understand the policy file? I found that there is no documentation for this yet (the official site says it is under work).
Here is a rule from the Policy File.
My understanding is: this rule causes the onMouseOver() event to stop executing when the response from the server contains onMouseOver, to prevent reflected XSS. However, this event works on the web page perfectly before the request goes to the server, so there is no side effect of using this library on the existing JSPs or HTML pages which already have onmouseOver and onmouseClick events coded.
Can someone please tell me if my understanding is correct?
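As an added illustration (not part of the original post, and not AntiSamy's own sample code), the following shows how the library is normally applied: an untrusted HTML string is passed to `AntiSamy.scan()` together with a loaded policy, and the returned `CleanResults` carries both the sanitized markup and a list of what was removed. The policy path is a placeholder; point it at one of the policies shipped with AntiSamy (for example antisamy-slashdot.xml) or at your own. The sample input is constructed for the example.

```java
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

public class AntiSamyDemo {

    // Placeholder path: replace with a real AntiSamy policy file
    // (e.g. one of the antisamy-*.xml policies bundled with the library).
    private static final String POLICY_PATH = "/path/to/antisamy-policy.xml";

    // Constructed sample of untrusted HTML, as a user might submit it in a form field.
    // The event-handler attribute and the script element are the parts a policy
    // is expected to strip; the plain paragraph should survive.
    private static final String UNTRUSTED_HTML =
            "<b onmouseover=\"alert('xss')\">hover me</b>"
            + "<script>alert('xss')</script>"
            + "<p>plain text</p>";

    /** Runs the policy over one untrusted string and returns the full result. */
    public static CleanResults sanitize(String untrustedHtml, Policy policy)
            throws ScanException, PolicyException {
        AntiSamy antiSamy = new AntiSamy();
        return antiSamy.scan(untrustedHtml, policy);
    }

    public static void main(String[] args) throws Exception {
        // Load the policy once; it is reusable across requests.
        Policy policy = Policy.getInstance(POLICY_PATH);

        CleanResults results = sanitize(UNTRUSTED_HTML, policy);

        // Only the string handed to scan() is affected; markup that is already
        // part of your JSP or static HTML is untouched unless you route it through here.
        System.out.println("Clean HTML : " + results.getCleanHTML());
        System.out.println("Removed    : " + results.getNumberOfErrors() + " item(s)");
        for (String message : results.getErrorMessages()) {
            System.out.println("  - " + message);
        }
    }
}
```

With any of the bundled policies, attributes such as onmouseover are not in the allowed attribute list for the tag, so they are removed and reported in `getErrorMessages()`, while the cleaned markup from `getCleanHTML()` is what you would then write into the response.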