Web Security and Validation
1. AJAX Calendar (60 Points):
· Best Practices (20 Points):
· Safe from XSS attacks; that is, all content is escaped on output (3 points)
· Your application needs to prevent XSS attacks. Be careful when transmitting data over JSON that will be reflected in an event title! (Note: JSON data should be sanitized on the client side, not the server side.)
· http://classes.engineering.wustl.edu/cse330/index.php/Web_Application_Security,_Part_3
· Safe from SQL Injection attacks (2 points)
· Use prepared queries to prevent SQL Injection attacks.
· http://classes.engineering.wustl.edu/cse330/index.php/Web_Application_Security,_Part_3
· CSRF tokens are passed when editing or removing events (3 points)
· Pass tokens in forms to prevent CSRF attacks.
Hint: You will need to send your CSRF tokens in your AJAX requests. Remember that AJAX still submits forms and runs server-side scripts, just like the vanilla forms you’ve been using in Modules 2 and 3.
· http://classes.engineering.wustl.edu/cse330/index.php/Web_Application_Security,_Part_2
· Page passes the W3C validator (2 points)
1. Index.html not passing W3C validator
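The XSS and CSRF items above both come down to how the AJAX client handles event data: escape every JSON-sourced field on output, and send the CSRF token with every AJAX edit just as a hidden form field would. The following is an added example, not code from the course or from any submission; the token value, the endpoint and the event fields are assumed for illustration.

```javascript
// Added example (not part of the original rubric): render a calendar event
// received as JSON with every user-controlled field escaped on output, and
// build the AJAX request for editing an event with the CSRF token included.
// The token value, field names and request shape are assumptions.

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape each character that can change HTML context, so a title that arrived
// over JSON is displayed as literal text instead of being parsed as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Build the markup for one event; every field from the JSON payload passes
// through escapeHtml before it is assigned to innerHTML.
function renderEvent(event) {
  return (
    `<div class="event" data-id="${escapeHtml(event.id)}">` +
    `<span class="title">${escapeHtml(event.title)}</span>` +
    `<span class="time">${escapeHtml(event.time)}</span>` +
    `</div>`
  );
}

// Build the fetch() options for an AJAX edit. The CSRF token travels in the
// JSON body exactly as it would in a hidden form field, so the server-side
// script can compare it against the token stored in the session.
function buildEditRequest(csrfToken, event) {
  return {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ token: csrfToken, id: event.id, title: event.title, time: event.time }),
  };
}

// Constructed sample: one event as the server might return it in JSON.
const sampleJson = '{"id": 7, "title": "Lunch w/ <b>team</b> & \\"Bob\\"", "time": "12:00"}';
const sampleEvent = JSON.parse(sampleJson);

// Rendered markup shows the title as text; the request body carries the token.
console.log(renderEvent(sampleEvent));
console.log(buildEditRequest("csrf-token-placeholder", sampleEvent).body);
```

In the browser, the string returned by renderEvent is what gets assigned to the calendar container's innerHTML, and buildEditRequest's result is passed straight to fetch(url, options).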
2. Creative Portion (15 Points)
· Additional Calendar Features (worth 15 points): Develop some additional features for the calendar; a few examples are provided below.
· Users can tag an event with a particular category and enable/disable those tags in the calendar view. (5 points)
· Users can share their calendar with additional users. (5 points)
· Users can create group events that display on multiple users' calendars. (5 points)