Hosting Provided By

Re: Preventing cross site scripting

From: Tim Greer <chatmaster(at)charter.net>
Date: Thu Jun 19 2003 - 22:51:11 EDT

Original Message ----- From: "Jeremiah Grossman" <jeremiah@whitehatsec.com> To: "Mutallip Ablimit" <mutax@insi.co.jp> Cc: <webappsec@securityfocus.com> Sent: Thursday, June 19, 2003 7:44 PM Subject: RE: Preventing cross site scripting

> This post reminded me of another potential gotcha in HTML/JS filtering.

Which is why you simply don't (for simple logic reasons alone) allow and render any HTML tag that would have a starting or ending HTML tag *within it*.

--
Regards,
Tim Greer  chatmaster@charter.net
Server administration, security, programming, consulting.

Received on Thu Jun 19 23:21:39 2003

This message: [ Message body ]
Next message: Tim Greer: "Re: Preventing cross site scripting"
Previous message: Tim Greer: "Re: Preventing cross site scripting"
In reply to Jeremiah Grossman: "RE: Preventing cross site scripting"
Next in thread: Bob Lee: "Re: Preventing cross site scripting"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:52 EDT