go-safeweb is a project offering libraries for writing secure HTTP servers in Go, focused on eliminating XSS and XSRF vulnerabilities. Its goal is to apply security mechanisms by default, so that unsafe usage is easy to review and track. The project aims to evolve with security requirements while maintaining compatibility with Go’s standard library. To keep the codebase streamlined, features that are not critical to security will not be added. The project outlines mitigations for security issues such as XSS, XSRF, and transport security. Its unique approach combines careful API design with addressing security vulnerabilities through code manipulation and runtime monitoring.
https://github.com/google/go-safeweb