Bugtraq mailing list archives
Re: Fwd: CERT Advisory CA-2000-02
From: liondios () UVIC CA (Byron Alley)
Date: Mon, 7 Feb 2000 16:02:08 -0500
Henrik Nordstrom a dit:
For the case of publishing information on a shared web site using strict HTML filterin is also beneficiable as it forces all authors to use a common HTML dialect, guaranteed not to disturb the site enforced layout or presentation, and helps keeping the information authors on track for providing the information rather than fiddling around to much in layout or presentation details.
Some web sites use an implementation based on this idea of a subset of HTML. You don't even need to use real HTML - just take the most useful functions, like bold, italics - and build a sub-language. In at least one case I recall, a site used a format with []'s: [B] instead of <B>, etc. This way you can safely remove any kind of tags, translate >'s to > entities, etc. Naive users may not even know HTML anyways, and advanced users will find it intuitive. It's questionable whether there is real usefulness in allowing a full range of HTML tags. This solution fits. - Byron Prizes are for children. - Charles Ives, upon being given, but refusing, the Pulitzer prize Byron Alley --> http://www.calicocity.com
Current thread:
- Re: Bypass Virus Checking, (continued)
- Re: Bypass Virus Checking Bacano (Feb 01)
- Re: Bypass Virus Checking Brad Griffin (Feb 01)
- Re: Bypass Virus Checking Vladimir Dubrovin (Feb 02)
- Re: Bypass Virus Checking Brock Sides (Feb 01)
- Re: Bypass Virus Checking salme () US IBM COM (Feb 01)
- Fwd: CERT Advisory CA-2000-02 Shockro () AOL COM (Feb 02)
- Re: Fwd: CERT Advisory CA-2000-02 fury (Feb 03)
- Re: Fwd: CERT Advisory CA-2000-02 Ari Gordon-Schlosberg (Feb 03)
- Re: Fwd: CERT Advisory CA-2000-02 Marc Slemko (Feb 03)
- Re: Fwd: CERT Advisory CA-2000-02 Henrik Nordstrom (Feb 05)
- Re: Fwd: CERT Advisory CA-2000-02 Byron Alley (Feb 07)
- Re: Fwd: CERT Advisory CA-2000-02 Len Budney (Feb 08)
- Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Servic e Adam Gray (Feb 07)
- Fwd: CERT Advisory CA-2000-02 Shockro () AOL COM (Feb 02)
- Re: Fwd: CERT Advisory CA-2000-02 Henri Torgemane (Feb 03)
- recent 'cross site scripting' CERT advisory Tim Hollebeek (Feb 04)
- Re: recent 'cross site scripting' CERT advisory Marc Slemko (Feb 05)
- Re: recent 'cross site scripting' CERT advisory Manuel Martin (Feb 08)
- Novell BorderManager 3.5 Remote Slow Death Chicken Man (Feb 08)
- Re: Novell BorderManager 3.5 Remote Slow Death Ron van Daal (Feb 09)
- Re: Novell BorderManager 3.5 Remote Slow Death Puchatek (Feb 11)
- Re: recent 'cross site scripting' CERT advisory Bill Thompson (Feb 06)