Overview
This conference talk explores why client-side HTML sanitization is preferable to server-side approaches for XSS mitigation. Discover the counterintuitive but compelling reasons why sanitizing user input on the client side makes more sense for HTML security. Examine common pitfalls of server-side HTML sanitization through multiple real-world vulnerability examples. Learn why traditional security wisdom about server-side validation doesn't always apply to HTML sanitization specifically. The 27-minute presentation by Yaniv Nizry, hosted by the OWASP Foundation, provides practical insights for web application security professionals looking to improve their approach to safely rendering user-generated HTML content.
Syllabus
Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail - Yaniv Nizry
Taught by
OWASP Foundation