Users today rely on the Internet for a variety of things. Users can find information on more mundane matters, such as checking for a recipe on how to make a particular dish or on more serious matters such as finding a new job, maintaining professional contacts, or finding people with the right qualifications to hire. This has led to very sophisticated Websites that include many features (or applications), often from different developers or different teams. These developers can be in-house (e.g., developers who work directly for the Website operator) or third-party developers (e.g., developers who create material for use with the Website but are not employed directly by the Website operator).
Especially for these feature rich Websites, securing them has become a particularly difficult task. Different features can be created by different developers, but they all need to work well together on each respective Website. An example of an error that can occur include encoding errors. For example, each feature on the Website may need to communicate with other features or data resources to exchange, update, create, or delete information. To do this, the features need to select the proper filters to make sure that the information is properly encoded.
One of the difficulties in catching encoding errors is when the error is in a special category of errors, known as a stored XSS error. This means that, although the error (e.g., XSS error) appears on one page or feature of the Website, the attack/injection itself was introduced onto the Website from another page or feature. Since detecting these errors involve more than one feature, they are difficult to detect. Therefore, there is a need to prevent or detect encoding errors, such as when they include stored XSS errors.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.