Defending against XSS and CSRF attacks
Specific measures for XSS and CSRF defence.
Cookie Security Considerations for CSRF attacks
CSRF attacks, by definition, usually involve abusing the fact that the user is already logged in ...
CSRF tokens and CSRF headers
CSRF Headers: Adding a custom request header to 'unsafe' outgoing AJAX requests (e.g. POST reques...
Displaying user-inputted content on webpages
XSS (Cross-Site Scripting) generally results from bad practices regarding user input. For example...