Web Security and Validation
1. AJAX Calendar (60 Points):
§ Best Practices (20 Points):
§ Safe from XSS attacks; that is, all content is escaped on output (3 points)
§ Your application needs to prevent XSS attacks. Be careful when transmitting data
over JSON that will be reflected in an event title! (Note: JSON data should be
sanitized on the client side, not the server side.)
§ http://classes.engineering.wustl.edu/cse330/index.php/Web_Application_Security,_Part_3
§ Safe from SQL Injection attacks (2 points)
§ Use prepared queries to prevent SQL Injection attacks.
§ http://classes.engineering.wustl.edu/cse330/index.php/Web_Application_Security,_Part_3
§ CSRF tokens are passed when editing or removing events (3 points)
§ Pass tokens in forms to prevent CSRF attacks.
Hint: You will need to send your CSRF tokens in your AJAX requests. Remember
that AJAX still submits forms and runs server-side scripts, just like the vanilla forms
you’ve been using in Modules 2 and 3.
§ http://classes.engineering.wustl.edu/cse330/index.php/Web_Application_Security,_Part_2
§ Page passes the W3C validator (2 points)
1. Index.html not passing W3C validator
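The three security items above (escape on output, prepared queries, CSRF tokens in AJAX requests) fit together in one "edit event" round trip. The following is an added example, not part of the assignment text or the course's starter code; it is written in Python with only the standard library so it runs offline, whereas the course's server side is PHP, where the same three patterns apply unchanged. Every name in it (new_session, edit_event, search_safe, render_event, the events table and its sample rows) is invented for this illustration.

```python
import html
import hmac
import json
import secrets
import sqlite3

# ---- server side (PHP in the course; the same pattern is shown here) ----

def new_session():
    """Session with a fresh CSRF token; the page embeds it so AJAX calls can send it back."""
    return {"user_id": 1, "csrf_token": secrets.token_hex(32)}

def init_db():
    """Constructed sample data: one event for user 1, one for user 2 (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, user_id INTEGER, title TEXT)")
    db.executemany("INSERT INTO events (user_id, title) VALUES (?, ?)",
                   [(1, "Lecture"), (2, "Private meeting")])
    db.commit()
    return db

def edit_event(db, session, raw_body):
    """Handle the JSON body of an AJAX 'edit event' POST. Returns (status, JSON reply)."""
    body = json.loads(raw_body)
    token = str(body.get("token", ""))
    # CSRF: the token travels in the AJAX body exactly as it would in a hidden
    # form field; compare_digest keeps the comparison constant-time.
    if not hmac.compare_digest(token.encode(), session["csrf_token"].encode()):
        return 403, json.dumps({"success": False, "message": "bad CSRF token"})
    title = str(body.get("title", ""))
    # Prepared query: title and ids are bound parameters, never concatenated into SQL.
    cur = db.execute("UPDATE events SET title = ? WHERE id = ? AND user_id = ?",
                     (title, int(body.get("id", 0)), session["user_id"]))
    db.commit()
    if cur.rowcount == 0:
        return 404, json.dumps({"success": False, "message": "no such event"})
    # The title is stored and returned verbatim: escaping is the output step's job.
    return 200, json.dumps({"success": True, "title": title})

def search_unsafe(db, user_id, term):
    """What NOT to do: SQL built by string formatting. Kept only to contrast with search_safe."""
    sql = f"SELECT title FROM events WHERE user_id = {user_id} AND title LIKE '%{term}%'"
    return [row[0] for row in db.execute(sql)]

def search_safe(db, user_id, term):
    """The same query with bound parameters; the term is data and cannot alter the SQL."""
    rows = db.execute("SELECT title FROM events WHERE user_id = ? AND title LIKE ?",
                      (user_id, f"%{term}%"))
    return [row[0] for row in rows]

# ---- client side (what the page's JavaScript does with the JSON reply) ----

def render_event(reply_json):
    """Build the <li> the calendar inserts; the title is escaped on output, not on storage."""
    reply = json.loads(reply_json)
    return "<li>%s</li>" % html.escape(reply["title"], quote=True)

def demo():
    """Run the round trip on constructed input and return the observable results."""
    db = init_db()
    session = new_session()
    # A title containing markup, submitted with the correct token.
    ok_body = json.dumps({"id": 1, "title": '<b>Lunch</b> & "review"',
                          "token": session["csrf_token"]})
    status, reply = edit_event(db, session, ok_body)
    # The same edit without a valid token is rejected before it touches the database.
    forged_status, _ = edit_event(
        db, session, json.dumps({"id": 1, "title": "changed", "token": ""}))
    # A search term that closes the quoted string and comments out the rest of the query.
    term = "' OR 1=1 --"
    return {
        "status": status,
        "markup": render_event(reply),
        "forged_status": forged_status,
        "unsafe_rows": search_unsafe(db, 1, term),   # leaks user 2's event
        "safe_rows": search_safe(db, 1, term),       # matches nothing
    }

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point to take from the three parts: the CSRF check runs before any database access, the title is never concatenated into SQL and never altered on the way in, and the only place the title is escaped is where it is turned into HTML, which is the client-side step the note above asks for.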
2. Creative Portion (15 Points)
§ Additional Calendar Features (worth 15 points): Develop some additional features for the calendar; a few examples are provided below.
§ Users can tag an event with a particular category and enable/disable those tags in the
calendar view. (5 points)
§ Users can share their calendar with additional users. (5 points)
§ Users can create group events that display on multiple users' calendars. (5 points)