[WEB SECURITY] The Marquee Tag and XSS

Richard Moore rich at westpoint.ltd.uk
Tue Jan 13 12:52:35 EST 2009

Ofer Shezaf wrote:
> fix he found out that the developers checked the input for the word
> "Gotcha!". Marquee is not much different in this sense than Gotcha!

We see this frequently; they also like blocking the alert() function.

Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
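
The pattern discussed in this thread, as an added example that is not part of the original post: a filter that rejects the tester's proof-of-concept strings ("Gotcha!", marquee, alert()) shown beside output encoding, which addresses the root cause. All function names and sample inputs are constructed for illustration.

```javascript
// Added illustration; function names and sample inputs are constructed.

// The "fix" described in the thread: reject input that contains the tester's
// proof-of-concept strings, then echo everything else into HTML unchanged.
const POC_BLOCKLIST = ["gotcha!", "<marquee", "alert("];

function renderWithBlocklist(input) {
  const lower = input.toLowerCase();
  if (POC_BLOCKLIST.some((s) => lower.includes(s))) {
    return "<p>Invalid input</p>";
  }
  return "<p>Hello, " + input + "</p>"; // input is still written unencoded
}

// Root-cause fix: encode for the HTML text context, whatever the input is.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

function renderEncoded(input) {
  return "<p>Hello, " + escapeHtml(input) + "</p>";
}

// True if the output contains any tag other than the <p> wrapper,
// i.e. the input was interpreted as markup instead of text.
function injectsMarkup(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some((t) => !/^<\/?p>$/.test(t));
}

const SAMPLES = [
  "<marquee>Gotcha!</marquee>", // the reported proof of concept
  "<b>hi</b>",                  // harmless markup that is not on the blocklist
  "Tom & Jerry",                // ordinary text
];

// Run every sample through both renderers and report whether markup got through.
function compare() {
  return SAMPLES.map((input) => ({
    input,
    blocklistInjects: injectsMarkup(renderWithBlocklist(input)),
    encodedInjects: injectsMarkup(renderEncoded(input)),
  }));
}
```

The blocklist stops only the exact strings from the report, so the harmless `<b>` sample is still rendered as markup, while the encoded renderer treats every sample as text.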
