[WEB SECURITY] The Marquee Tag and XSS
Richard Moore
rich at westpoint.ltd.uk
Tue Jan 13 12:52:35 EST 2009
Ofer Shezaf wrote:
> fix he found out that the developers checked the input for the word
> "Gotcha!". Marquee is not much different in this sense than Gotcha!
We see this frequently; they also like blocking the alert() function.
Sigh.
Rich.
--
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
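
Added example, not part of the original post or of any code from the thread: a sketch of the "fix" discussed above (rejecting the tester's proof strings) beside output encoding, which removes the underlying flaw. All function names and sample inputs are constructed for illustration.

```javascript
// Strings a tester typically uses as proof of injection (from the thread:
// "Gotcha!", the marquee tag, alert()). Constructed list.
const PROBE_TOKENS = ["gotcha!", "<marquee", "alert("];

// The "fix" criticised in the thread: reject input containing a known probe
// string, then echo everything else into the page unchanged.
function denylistRender(input) {
  const lowered = input.toLowerCase();
  if (PROBE_TOKENS.some((t) => lowered.includes(t))) {
    return null; // request blocked
  }
  return "<p>Hello, " + input + "</p>"; // output is still unencoded
}

// The actual fix: encode for the HTML body context at output time.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function encodedRender(input) {
  return "<p>Hello, " + escapeHtml(input) + "</p>";
}

// True when caller-supplied markup survives as a live tag in the output
// (anything other than the template's own <p> wrapper).
function containsInjectedTag(html) {
  return /<(?!\/?p>)[a-z]/i.test(html);
}

// Constructed inputs: two proof strings and one piece of markup that is
// not on the denylist.
const SAMPLES = [
  "<marquee>Gotcha!</marquee>",
  "<script>alert(1)</script>",
  "<h1>injected heading</h1>",
];

function compare() {
  return SAMPLES.map((input) => {
    const out = denylistRender(input);
    return {
      input,
      blocked: out === null,
      denylistInjects: out !== null && containsInjectedTag(out),
      encodedInjects: containsInjectedTag(encodedRender(input)),
    };
  });
}

console.table(compare());
```

The denylist stops only the strings the tester happened to use; the third input still reaches the page as live markup, while the encoded path renders all three as inert text.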