Mozilla Phoenix Prevents XSS?
There has been a lot of discussion recently about ways to prevent XSS client-side, and it seems MS have made some HTML extensions to mark frames safe from scripting a while back in IE. This got me thinking that, given the browser runs a known JavaScript interpreter, it would seem sensible to intercept certain function calls and prevent them from running. Sure enough, on investigation, the Mozilla Phoenix browser does exactly this. There is a setting that you can enable that prevents JavaScript from reading cookies.
Has anyone tested it? Seems like a great idea.
PS: I see the OWASP filters project has some Java code in CVS for preventing XSS at the server side. Anyone know when it will be finished and when other languages will be available?
Received on Mon Nov 11 13:03:46 2002