Secure Development for Mobile Apps
Battle for Output Context
Output context is the latest general attack vector that needs to be defended against.
The problem of output context is created by the fact that output is interpreted and
processed differently by different display engines depending on how the output is
actually displayed. Is a user-supplied URL displayed in the browser as read-only
HTML or as a hyperlink? Will it be processed by the JavaScript parser? Getting
output context correct is a big deal. It is so important that it has been explicitly and
thoroughly dealt with in the latest O’Reilly book, Programming PHP, Third Edition
by Tatroe, MacIntyre, and Lerdorf. This is a big change from the second edition
which did not mention this ...
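
An added illustration, not code from the book: the same user-supplied URL written into the three contexts the paragraph names (read-only HTML, a hyperlink, and a JavaScript string), each with its own encoder. The function names escHtml, escHref and escJs and the sample inputs are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Context 1: HTML text or a quoted attribute value.
// Markup characters become entities, so the value is displayed, not parsed.
function escHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Context 2: the href of a hyperlink. Entity encoding alone is not enough here,
// because the browser acts on the URL scheme, so only http and https pass.
function escHref(string $url): string
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#'; // missing or unsupported scheme: emit an inert link
    }
    return escHtml($url);
}

// Context 3: a string literal inside a <script> block. The JSON_HEX_* flags
// keep <, >, &, ' and " out of the output, so the value stays inside the literal.
function escJs(string $s): string
{
    return json_encode(
        $s,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample inputs (assumptions for this example, not from the book).
$samples = [
    'https://example.com/search?q="><b>x</b>',
    'javascript:void(0)',
];

foreach ($samples as $url) {
    echo '<p>You entered: ' . escHtml($url) . "</p>\n";
    echo '<a href="' . escHref($url) . '">visit</a>' . "\n";
    echo '<script>var lastUrl = ' . escJs($url) . ";</script>\n\n";
}
```

Each encoder is correct only for its own context: escHtml output placed in the script block, or escJs output placed in the href, would not be safe.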