by bawolff
1759 days ago
It's dynamic taint checking - it tries to keep track of which variables are user controlled (tainted) and prevent you from using them unsafely. As a strategy for dealing with XSS, it's fallen out of favour, but static taint analysis, which is the same thing but not at runtime and less accurate, is still super popular in big shops as a CI step. As an approach, though, it's more a way to make sure you don't screw up as opposed to a way to solve the problem in general.
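
Added example, not part of bawolff's comment: a small Python sketch of the dynamic taint checking described above, where a value from the user carries a taint mark, the mark survives concatenation, and an output sink refuses anything still marked. The names `Tainted`, `from_request`, `escape_html`, `render_greeting` and `write_html` are hypothetical, and using a string subclass to carry the mark is an assumption made for illustration.

```python
import html


class TaintError(Exception):
    """Raised when user-controlled data reaches an output sink unescaped."""


class Tainted(str):
    """A string that came from the user and has not been escaped yet."""

    # Concatenation propagates the mark in both directions. Only + is
    # tracked here; other str methods return plain str and lose the mark.
    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        return Tainted(str.__add__(other, self))


def from_request(value):
    """Source: everything read from the request starts out tainted."""
    return Tainted(value)


def escape_html(value):
    """Sanitizer: HTML-escape the value and return an untainted plain str."""
    return str(html.escape(value, quote=True))


def render_greeting(name):
    """Application code: builds markup without knowing where name came from."""
    return "<p>Hello, " + name + "</p>"


def write_html(fragment):
    """Sink: the runtime check that stops tainted data reaching the page."""
    if isinstance(fragment, Tainted):
        raise TaintError("tainted value reached HTML output")
    return fragment


if __name__ == "__main__":
    name = from_request("<script>alert(1)</script>")  # constructed input
    try:
        write_html(render_greeting(name))
    except TaintError as exc:
        print("blocked:", exc)
    print(write_html(render_greeting(escape_html(name))))
```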