
Re: Preventing cross site scripting

From: Wojciech Purczynski <cliph(at)isec.pl>
Date: Fri Jun 20 2003 - 09:27:05 EDT

> To prevent CSS attacks, it is the most simple and trivial thing; Simply

I like your idea. :) However, it would break some HTML pages that already contain some examples of HTML code etc.

Perhaps it should be done in three steps:

  1. Change all < > to &foolt; and &foogt; correspondingly
  2. Put back all allowable HTML tags i.e. &foolt;BODY&foogt; (using regex or sth else to filter out unwanted attributes)
  3. Change all remaining &foolt; to &lt; and &foogt; to &gt;

Cheers,
wp

-- 
Wojciech Purczynski
iSEC Security Research
http://isec.pl/
Received on Fri Jun 20 10:10:28 2003
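
The three steps above as an added Python example (not part of the original post). The &foolt;/&foogt; markers are the post's; the allowlist, the function name, and the choice to drop every attribute from a restored tag are assumptions of this example.

```python
import re

# Assumed allowlist for this example; the post itself names only BODY.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "pre", "code"}

LT, GT = "&foolt;", "&foogt;"  # temporary markers used in the post

# Either marker; attribute text may not run across one, so a match
# always stays inside a single neutralised tag.
_MARK = f"(?:{re.escape(LT)}|{re.escape(GT)})"

# A neutralised tag: marker, optional "/", tag name, optional attribute
# text introduced by whitespace or "/", closing marker.
_TAG = re.compile(
    re.escape(LT)
    + r"(/?)([A-Za-z][A-Za-z0-9]*)"
    + rf"(?:[\s/](?:(?!{_MARK}).)*)?"
    + re.escape(GT),
    re.S,
)


def _restore(match):
    """Step 2 callback: put back an allowed tag with no attributes."""
    slash, name = match.group(1), match.group(2).lower()
    if name in ALLOWED_TAGS:
        # Strictest form of "filter out unwanted attributes": keep none,
        # so event handlers, style and javascript: URLs never survive.
        return f"<{slash}{name}>"
    # Not allowed: leave the markers in place for step 3 to escape.
    return match.group(0)


def filter_html(text):
    # Step 1: neutralise every angle bracket.
    text = text.replace("<", LT).replace(">", GT)
    # Step 2: restore only well-formed, allowlisted tags.
    text = _TAG.sub(_restore, text)
    # Step 3: whatever is still neutralised becomes an ordinary entity.
    return text.replace(LT, "&lt;").replace(GT, "&gt;")


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ('<b>hi</b><script>alert(1)</script>',
                   '<p onclick="x()">t</p>',
                   '<b <script>x</script>'):
        print(filter_html(sample))
```

A literal &foolt; or &foogt; already present in the input is treated like an angle bracket, so it can only ever come out as an allowlisted bare tag or as &lt;/&gt;.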

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:53 EDT

