Articles

Our research articles are geared towards giving developers useful guidance on how to write more secure code and use static analysis effectively.

Fixing XSS: a practical guide for developers

Cross-site scripting (XSS) is a complex problem with many moving parts, but we want to highlight the most important "gotchas." It is important to understand that HTML escaping (using HTML entities) is not always the right solution for outputting dynamic data into an HTML page. There is no magic escaper that can make dynamic data safe for all possible HTML output contexts...

HTML 5 tokenizer visualization

This visualization helps explain how the HTML 5 tokenizer works by displaying a grammar-like representation of the tokenizer.