WebApp Sec mailing list archives

Re: Preventing cross site scripting


From: "Tim Greer" <chatmaster () charter net>
Date: Thu, 19 Jun 2003 19:48:13 -0700




----- Original Message -----
From: "Bob Lee" <crazybob () crazybob org>
To: <webappsec () securityfocus com>
Sent: Thursday, June 19, 2003 7:19 PM
Subject: Re: Preventing cross site scripting


You can also embed JavaScript in seemingly harmless tags such as "img"
and in event handlers, such as "onload".

If you blindly accept whatever is passed, yes. However, don't, and it's not
an issue. :-)
--
Regards,
Tim Greer  chatmaster () charter net
Server administration, security, programming, consulting.
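
An added example, not part of the original message: one way to avoid blindly accepting submitted markup is an allowlist filter that keeps only chosen tags and attributes, so event handlers such as "onload" and script URLs in "img" never reach the page. The tag and attribute policy and the names `sanitize`, `safe_url` and `AllowlistSanitizer` are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: tag -> attributes the site agrees to accept.
ALLOWED = {"b": set(), "i": set(), "p": set(),
           "a": {"href"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
VOID_TAGS = {"img"}  # tags that take no closing tag


def safe_url(value):
    # Browsers strip leading whitespace and embedded tabs/newlines from URLs,
    # so remove them before checking. Only absolute http(s) URLs pass.
    cleaned = "".join(ch for ch in value if ch > " ").lower()
    return cleaned.startswith(("http://", "https://"))


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # unknown tag is dropped; its text is still escaped below
        kept = []
        for name, value in attrs:  # names arrive lowercased, values unescaped
            if name not in ALLOWED[tag] or value is None:
                continue  # removes onload, onerror, style, ...
            if name in URL_ATTRS and not safe_url(value):
                continue  # removes javascript: and other non-http schemes
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(markup):
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

Anything not named in the policy is removed rather than searched for, so the filter does not depend on knowing every handler name in advance.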

