tag update for 5.3.2 / 13.1.7
Elar Lang committed Jan 10, 2025
1 parent 55539d7 commit 7751e38
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion 5.0/en/0x13-V5-Validation-Sanitization-Encoding.md
@@ -73,7 +73,7 @@ In many cases, software libraries will include safe or safer functions which wil
| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| **5.3.1** | [MODIFIED, SPLIT TO 5.3.13] Verify that output encoding for an HTTP response, HTML document, or XML document is relevant for the context required, such as encoding the relevant characters for HTML elements, HTML attributes, HTML comments, CSS, or HTTP header fields, to avoid changing the message or document structure. |||| 116 |
| **5.3.2** | [DELETED, DUPLICATE OF 14.4.1] | | | | |
| **5.3.2** | [DELETED, COVERED BY 13.1.7] | | | | |
| **5.3.3** | [MODIFIED, SPLIT TO 50.6.2] Verify that output encoding or escaping is used when dynamically building JavaScript content (including JSON), to avoid changing the message or document structure (to avoid JavaScript and JSON injection). |||| |
| **5.3.4** | [MODIFIED] Verify that data selection or database queries (e.g. SQL, HQL, NoSQL, Cypher) use parameterized queries, ORMs, entity frameworks, or are otherwise protected from SQL Injection and other database injection attacks. This should also be considered when writing stored procedures. |||| 89 |
| **5.3.5** | [DELETED, DUPLICATE OF 5.3.4] | | | | |
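Review bot: the retag on the 5.3.2 row uses "COVERED BY 13.1.7" while the neighbouring deleted row 5.3.5 uses "DUPLICATE OF 5.3.4"; if the two wordings are meant to distinguish an exact duplicate from a requirement absorbed into a broader one, that is fine, but the reader loses the trail from the old "DUPLICATE OF 14.4.1" tag, since 14.4.1 no longer exists as a live number. Consider keeping the old number in the tag so the 4.0-to-5.0 mapping can still be followed from this table, e.g. `| **5.3.2** | [DELETED, COVERED BY 13.1.7 (FORMERLY 14.4.1)] | | | | |`, which also matches the "MOVED FROM 14.4.1" wording on the 13.1.7 row in V13.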
2 changes: 1 addition & 1 deletion 5.0/en/0x21-V13-API.md
@@ -20,7 +20,7 @@ This is a placeholder for future documentation requirements.
| **13.1.4** | [DELETED, DUPLICATE OF 4.2.1] | | | | |
| **13.1.5** | [DELETED, INSUFFICIENT IMPACT] | | | | |
| **13.1.6** | [MODIFIED, MOVED FROM 13.2.6, LEVEL L2 > L3] Verify that per-message digital signatures are used to provide additional assurance on top of transport protections for requests or transactions which are highly sensitive or which traverse a number of systems. | | || 345 |
| **13.1.7** | [MODIFIED, MOVED FROM 14.4.1] Verify that every HTTP response with a message body contains a Content-Type header field that matches the actual content of the response, including the charset parameter to specify safe character encoding (e.g., UTF-8, ISO-8859-1) according to IANA Media Types, such as "text/", "/+xml" and "/xml". |||| 173 |
| **13.1.7** | [MODIFIED, MOVED FROM 14.4.1, COVERS 5.3.2] Verify that every HTTP response with a message body contains a Content-Type header field that matches the actual content of the response, including the charset parameter to specify safe character encoding (e.g., UTF-8, ISO-8859-1) according to IANA Media Types, such as "text/", "/+xml" and "/xml". |||| 173 |
| **13.1.8** | [ADDED] Verify that HTTPS-based endpoints either return an error or do not respond to unencrypted HTTP requests which contain sensitive data in the headers or body. If a client is erroneously sending unencrypted HTTP requests but the requests are being automatically redirected to HTTPS, this leakage of sensitive data may go undiscovered. | ||| |

## V13.2 Web Services
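Review bot: since 13.1.7 now explicitly absorbs 5.3.2 via the "COVERS 5.3.2" tag, the unchanged requirement text is worth a second look, because its final clause is ambiguous: "including the charset parameter to specify safe character encoding (e.g., UTF-8, ISO-8859-1) according to IANA Media Types, such as "text/", "/+xml" and "/xml"" can be read as listing "text/", "/+xml" and "/xml" as examples of character encodings rather than as the media type families for which a charset parameter is expected. Suggest restructuring so the two lists are clearly attached to the right nouns, e.g. "...that matches the actual content of the response, and, for media types that take a charset parameter under the IANA Media Types registry (e.g. text/*, */*+xml, */xml), includes a charset parameter naming a safe encoding such as UTF-8 or ISO-8859-1". The tag itself is consistent with the matching "COVERED BY 13.1.7" change in 0x13-V5, so no further cross-reference change is needed.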