replace owasp cheat sheet inline reference

aaronpk · aaronpk · commit 9ee2e3bdfcb9 · 2025-01-16T19:00:37.000-08:00
diff --git a/draft-ietf-oauth-browser-based-apps.md b/draft-ietf-oauth-browser-based-apps.md
@@ -477,7 +477,7 @@ In a typical BFF deployment scenario, there is no reason to use more relaxed coo
 
 Additionally, when using client-side sessions that contain access tokens, (as opposed to server-side sessions where the tokens only live on the server), the BFF SHOULD encrypt its cookie contents. This ensures that tokens stored in cookies are never written to the user's hard drive in plaintext format. This security measure helps ensure the  confidentiality of the tokens in case an attacker is able to read cookies from the hard drive. Such an attack can be launched through malware running on the victim's computer. Note that while encrypting the cookie contents prevents direct access to embedded tokens, it still allows the attacker to use the encrypted cookie in a session hijacking attack.
 
-For further guidance on cookie security best practices, we refer to the OWASP Cheat Sheet series (<https://cheatsheetseries.owasp.org>).
+For further guidance on cookie security best practices, we refer to the OWASP Cheat Sheet series ({{OWASPCheatSheet}}).
 
 
 

Original file line number	Diff line number	Diff line change
`@@ -477,7 +477,7 @@ In a typical BFF deployment scenario, there is no reason to use more relaxed coo`
`477`	`477`
`478`	`478`	Additionally, when using client-side sessions that contain access tokens, (as opposed to server-side sessions where the tokens only live on the server), the BFF SHOULD encrypt its cookie contents. This ensures that tokens stored in cookies are never written to the user's hard drive in plaintext format. This security measure helps ensure the confidentiality of the tokens in case an attacker is able to read cookies from the hard drive. Such an attack can be launched through malware running on the victim's computer. Note that while encrypting the cookie contents prevents direct access to embedded tokens, it still allows the attacker to use the encrypted cookie in a session hijacking attack.
`479`	`479`
`480`		`-For further guidance on cookie security best practices, we refer to the OWASP Cheat Sheet series (<https://cheatsheetseries.owasp.org>).`
	`480`	`+For further guidance on cookie security best practices, we refer to the OWASP Cheat Sheet series ({{OWASPCheatSheet}}).`
`481`	`481`
`482`	`482`
`483`	`483`