[WEB SECURITY] The Marquee Tag and XSS
Ofer Shezaf
ofer at shezaf.com
Sun Jan 18 10:06:13 EST 2009
From: gaz Heyes [mailto:gazheyes at gmail.com]
Sent: Sunday, January 18, 2009 4:41 PM
To: Ofer Shezaf
Cc: Ory Segal; WebSecurity
Subject: Re: [WEB SECURITY] The Marquee Tag and XSS
For example, Ivan Ristic reminded me that ModSecurity would handle such a
signature well using the following rule where "expression" is the signature
to match:
SecRule ARGS "expression" phase:2,t:none,t:htmlEntityDecode,t:cssDecode
Cool, will that also handle backslash escapes?
[Ofer Shezaf] Yes. The second transformation "t:cssDecode" is in charge of
that.
~ Ofer
Ofer Shezaf [shezaf at xiom.com, +972-54-4431119, www.xiom.com]
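As an added illustration of the transformation chain on the rule quoted above (this is not ModSecurity's own code, only a Python approximation of its t:htmlEntityDecode and t:cssDecode decoders), the following models both steps in rule order and runs the signature over constructed samples, including the doubled-backslash edge case:

```python
import html
import re

# CSS 2.1 escape: a backslash followed by one to six hex digits plus one optional
# whitespace char, or a backslash followed by any other single char (kept literally).
_CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\n\r\f]?|\\(.)", re.DOTALL)


def css_decode(value: str) -> str:
    """Resolve CSS backslash escapes, e.g. 'm\\61 rquee' -> 'marquee' (approximation of t:cssDecode)."""
    def repl(m):
        if m.group(1) is not None:
            cp = int(m.group(1), 16)
            return chr(cp) if 0 < cp <= 0x10FFFF else "\ufffd"
        return m.group(2)
    return _CSS_ESCAPE.sub(repl, value)


def html_entity_decode(value: str) -> str:
    """Resolve named and numeric HTML entities, e.g. '&#92;' -> '\\' (approximation of t:htmlEntityDecode)."""
    return html.unescape(value)


def normalize(value: str) -> str:
    """Apply the transformations in the rule's order: entities first, then CSS escapes."""
    return css_decode(html_entity_decode(value))


def rule_matches(arg_value: str, expression: str) -> bool:
    """Does the signature regex fire on the normalized argument value?"""
    return re.search(expression, normalize(arg_value), re.IGNORECASE) is not None


# Constructed samples: the tag name hidden behind a CSS escape, with the backslash
# itself additionally hidden behind an HTML entity in the second and third.
SAMPLES = [
    "<m\\61 rquee>",               # CSS escape with the optional trailing space
    "&lt;m&#92;61rquee&gt;",       # entity-encoded '<', '\' and '>'
    "&lt;m&#92;&#92;61rquee&gt;",  # doubled backslash decodes to a literal '\', so no match
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} -> {normalize(s)!r:16} match={rule_matches(s, 'marquee')}")
```

Without the second transformation the second sample would still read `<m\61rquee>` after entity decoding and the signature would not fire, which is the point of chaining t:cssDecode after t:htmlEntityDecode.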