Re: Compiling Clojure security knowledge

2014-03-09 Thread Christopher Poile
On Monday, September 2, 2013 8:10:10 PM UTC-6, Nelson Morris wrote: > > > > > Several of Yesod's responses to other items on the list are humorous in > their vagueness, but in my experience for clojure: > > 1. Injection: Done by JDBC's prepared statements, and clojure.jdbc's use > of them

Re: Compiling Clojure security knowledge

2013-09-02 Thread Nelson Morris
On Mon, Sep 2, 2013 at 6:25 AM, abp wrote: > clojars uses https://github.com/ato/clojars-web/blob/master/src/clojars/web/safe_hiccup.clj >> >> which automatically escapes. > > > But that double escapes attribu

Re: Compiling Clojure security knowledge

2013-09-02 Thread abp
> > clojars uses > https://github.com/ato/clojars-web/blob/master/src/clojars/web/safe_hiccup.clj > > which automatically escapes. But that double escapes attribute values if you don't put them in raw-calls. On Monday, September 2, 2013 6:32:59 AM UTC+2, Ivan Kozik wrote: > > On Sun, Sep 1,
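The double-escaping problem abp describes above, as an added example that is not code from this thread, from hiccup, or from clojars' safe_hiccup.clj: a minimal hiccup-style renderer (the namespace xss-demo and the functions raw, escape-html and render are hypothetical names chosen for this example) that escapes text nodes and attribute values exactly once and offers a raw wrapper for values the caller has already escaped. Pre-escaping an attribute value without raw makes the renderer escape it a second time (&amp; becomes &amp;amp;), which is the behaviour the message refers to; wrapping the pre-escaped value in raw avoids it, at the cost that raw also bypasses escaping for untrusted input, so it must only be applied to values you escaped yourself.

```clojure
;; Added example, not the thread's or clojars' own code. Names are hypothetical.
(ns xss-demo
  (:require [clojure.string :as str]))

;; Marker for markup that is already escaped or otherwise trusted.
(defrecord Raw [s])

(defn raw
  "Mark s as trusted markup that must not be escaped again."
  [s]
  (->Raw s))

(defn escape-html
  "Escape the characters that can break out of text or a double-quoted attribute."
  [s]
  (str/escape (str s) {\& "&amp;" \< "&lt;" \> "&gt;" \" "&quot;" \' "&#39;"}))

(defn- text
  "Render a leaf value: Raw passes through untouched, everything else is escaped once."
  [x]
  (cond
    (nil? x)          ""
    (instance? Raw x) (:s x)
    :else             (escape-html x)))

(defn- render-attrs
  "Render an attribute map; nil/false attributes are dropped, true renders bare."
  [attrs]
  (apply str
         (for [[k v] attrs :when v]
           (if (true? v)
             (str " " (name k))
             ;; the value is escaped here, exactly once
             (str " " (name k) "=\"" (text v) "\"")))))

(declare render)

(defn- render-element
  "Render [:tag attrs? & children]."
  [[tag & body]]
  (let [[attrs children] (if (map? (first body))
                           [(first body) (rest body)]
                           [{} body])]
    (str "<" (name tag) (render-attrs attrs) ">"
         (apply str (map render children))
         "</" (name tag) ">")))

(defn render
  "Render a hiccup-style tree to an HTML string, escaping by default."
  [x]
  (cond
    (vector? x) (render-element x)
    (seq? x)    (apply str (map render x))
    :else       (text x)))

(defn -main [& _]
  ;; constructed sample input: an untrusted text node and a hostile href
  (let [untrusted "<script>alert(1)</script>"
        href      "/search?q=a&b=2\" onmouseover=\"alert(1)"]
    ;; text node and attribute value are each escaped exactly once
    (println (render [:a {:href href :title "say \"hi\""} untrusted]))
    ;; the bug abp describes: a pre-escaped attribute value is escaped again
    (println (render [:a {:href (escape-html href)} "x"]))
    ;; a pre-escaped value must be passed through raw to avoid the second pass
    (println (render [:a {:href (raw (escape-html href))} "x"]))))
```

Save it as xss_demo.clj on the classpath and run it with `clojure -M -m xss-demo`; the three printed lines show single escaping, the double-escaped href, and the raw-wrapped href respectively. The design point is that escaping must happen in exactly one place (the renderer), and anything that bypasses it must be explicit, so that reviewers can grep for raw calls.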

Re: Compiling Clojure security knowledge

2013-09-01 Thread Ivan Kozik
On Sun, Sep 1, 2013 at 7:06 PM, Vincent Ambo wrote: > * How and where do we prevent XSS attacks? Do we have templating engines > that escape things unless told otherwise, or - if not - do these features > exist in the form of a helper function? If yes, where? (And so on...) clojars uses https://

Re: Compiling Clojure security knowledge

2013-09-01 Thread Bruce Durling
Vincent, On Sun, Sep 1, 2013 at 8:06 PM, Vincent Ambo wrote: > * *Where are these things being discussed* in the Clojure community? > Googling things like "Clojure web security" brings up almost nothing. > Some discussions on this have started on the clojure-sec google group here: https://grou

Compiling Clojure security knowledge

2013-09-01 Thread Vincent Ambo
Hej everyone! After a short but interesting discussion on #clojure I'd like to pose some security related questions to a larger audience. This is mostly about user-facing web applications. First some short background: In the main web framework I use, Yeso