[WEB SECURITY] The Marquee Tag and XSS

Ofer Shezaf ofer at shezaf.com
Sun Jan 18 10:06:13 EST 2009


From: gaz Heyes [mailto:gazheyes at gmail.com] 
Sent: Sunday, January 18, 2009 4:41 PM
To: Ofer Shezaf
Cc: Ory Segal; WebSecurity
Subject: Re: [WEB SECURITY] The Marquee Tag and XSS


For example, Ivan Ristic reminded me that ModSecurity would handle such a
signature well using the following rule where "expression" is the signature
to match:

SecRule ARGS "expression" phase:2,t:none,t:htmlEntityDecode,t:cssDecode

Cool, will that also handle backslash escapes?

[Ofer Shezaf] Yes. The second transformation "t:cssDecode" is in charge of



~ Ofer


Ofer Shezaf [shezaf at xiom.com, +972-54-4431119, www.xiom.com]
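The transformation chain in the rule above, as an added illustration that is not part of this list post or of ModSecurity's own code: a constructed Python approximation of t:htmlEntityDecode followed by t:cssDecode, run over sample argument values (also constructed) so that the signature word matches whether it arrives plain, HTML-entity encoded, or hidden behind CSS backslash escapes.

```python
import html
import re

# Approximation of ModSecurity's t:cssDecode (not its actual implementation):
# a CSS 2.x escape is a backslash followed by one to six hex digits plus an
# optional single whitespace, or a backslash followed by any other character,
# which simply stands for that character (e.g. e\xpression -> expression).
CSS_ESCAPE = re.compile(r"\\(?:([0-9a-fA-F]{1,6})[ \t\n\r\f]?|(.))", re.DOTALL)


def css_decode(value: str) -> str:
    def repl(m: re.Match) -> str:
        if m.group(1) is not None:
            cp = int(m.group(1), 16)
            # like t:cssDecode, only recover code points that fit in two bytes
            return chr(cp) if cp <= 0xFFFF else m.group(0)
        return m.group(2)
    return CSS_ESCAPE.sub(repl, value)


def normalize(value: str) -> str:
    """Apply the rule's chain in order: t:htmlEntityDecode, then t:cssDecode."""
    return css_decode(html.unescape(value))


def matches_signature(value: str, signature: str) -> bool:
    """Case-insensitive check of the signature against the normalized argument."""
    return signature.lower() in normalize(value).lower()


# Constructed sample ARGS values: the plain signature word and encoded forms
# that a rule without the two transformations would not see.
SAMPLES = {
    "plain": "width:expression(1)",
    "html_entities": "width:e&#120;pression(1)",
    "css_hex_escape": "width:e\\78 pression(1)",
    "css_non_hex_escape": "width:e\\xpression(1)",
    "entity_then_css": "width:e&#92;78 pression(1)",  # &#92; is the backslash
    "benign": "width:100px",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        hit = matches_signature(raw, "expression")
        print(f"{name:20} {raw!r:32} -> {normalize(raw)!r:24} match={hit}")
```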

