Topic / Product

SAP Note Number

Short Text

Basic notes regarding the available cross-site scripting libraries

1582870

ABAP XSS Escaping Support

1582867

Security options (XSS) for ESCAPE

Business Server Pages (BSP)

1600317

Unauthorized modification of displayed content in BSP

1687915

BSP: syntax error after note 1640092

1640092

BSP: <%javascript=...%> cannot be used

1671470

BSP: Desgin2008 for release 7.00 and 7.01

Internet Transaction Server (ITS)

1488500

ITS: automatically escape context fields in output

1588612

ITS: new CSS escaping function xss_css_escape

1621946

ITS: updated XSS-escaping functions

Web Dynpro ABAP

1649117

Unauthorized modification of displayed content in Web Dynpro

Organization / Vendor

Documentation

Reference

World Wide Web Consortium (W3C)

HTML 4.01 Specification

http://www.w3.org/TR/html40

Extensible Markup Language (XML) 1.0 (Fifth Edition)

http://www.w3.org/TR/xml

Cascading Style Sheets Level 2 Revision 1 (CSS 2.1) Specification

http://www.w3.org/TR/CSS21

Setting the http charset parameter

http://www.w3.org/International/O-HTTP-charset

Open Web Application Security Project (OWASP)

XSS (Cross Site Scripting) Prevention Cheat Sheet

http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet