[WEB SECURITY] The Marquee Tag and XSS

Richard Moore rich at westpoint.ltd.uk
Tue Jan 13 12:52:35 EST 2009


Ofer Shezaf wrote:
> fix he found out that the developers checked the input for the word
> "Gotcha!". Marquee is not much different in this sense than Gotcha!

We see this frequently; they also like blocking the alert() function.
Sigh.

Rich.
-- 
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
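
The pattern discussed in this thread, as an added example that is not part of the original post or of any project's code: a "fix" that rejects the strings from the tester's report, beside output encoding that removes the flaw. The function names are hypothetical, and the sample inputs are constructed and use harmless markup only.

```python
import html
import re

# Hypothetical "fix" of the kind described in the thread: reject input that
# contains the strings the tester happened to use in the report.
REPORTED_STRINGS = re.compile(r"marquee|gotcha!|alert\s*\(", re.IGNORECASE)

def blocklist_render(comment):
    """Return the HTML fragment, or None if the input is rejected."""
    if REPORTED_STRINGS.search(comment):
        return None
    return "<p>" + comment + "</p>"  # raw input is still concatenated into HTML

def encoded_render(comment):
    """Encode for the HTML body context; nothing has to be rejected."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"

def injects_markup(fragment):
    """True if the fragment opens any element other than the <p> wrapper."""
    tags = re.findall(r"<\s*([a-zA-Z][a-zA-Z0-9]*)", fragment)
    return any(tag.lower() != "p" for tag in tags)

# Constructed sample inputs (harmless markup only).
SAMPLES = [
    "<marquee>Gotcha!</marquee>",  # the reported proof of concept
    "<blink>still here</blink>",   # same flaw, different element
    "<h1>still here</h1>",         # same flaw, different element
    "Tom & Jerry <3",              # legitimate text that must survive
]

def audit(render):
    """Classify each sample as 'rejected', 'markup injected' or 'safe'."""
    results = {}
    for sample in SAMPLES:
        out = render(sample)
        if out is None:
            results[sample] = "rejected"
        elif injects_markup(out):
            results[sample] = "markup injected"
        else:
            results[sample] = "safe"
    return results

if __name__ == "__main__":
    for name, render in (("blocklist", blocklist_render), ("encoded", encoded_render)):
        print(name)
        for sample, verdict in audit(render).items():
            print("  %-30s %s" % (sample, verdict))
```

A retest that replays only the reported string sees "rejected" and passes the fix; auditing with any other element shows the injection point is unchanged.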
