Hello! We are webfactory. We build accessible and performant web applications. We cultivate a very special company culture, and we blog about all of these things.



  • Avoiding an XSS Loophole in Twig

    Cross-site scripting, or XSS, is a class of web application vulnerabilities. When an attacker is able to inject a code snippet of their choice into a web page and have it treated as HTML, JavaScript or similar, they gain vast freedom to perform actions on behalf of the users to whom that code is displayed. The Twig template engine comes with an "autoescape" feature that prevents many XSS attack vectors by default. Yet you still need to be aware of potential pitfalls. In this blog post, I'll cover one example.