[WEB SECURITY] file scheme handling of the "|" character
robert at webappsec.org
Tue Jun 21 15:53:04 EDT 2011
> While on the topic of URI parsing, were you all aware of this behavior?
> I know someone testing Webkit was as it's in their list of test cases. But
> I did not realize that some browsers, MSIE and Chrome, will literally
> convert the "|" to a ":" in the drive letter of the path component.
> I can see this being a problem for security filters, but can't think of
> anything specific.
Interesting. Here's another odd behavior that I couldn't convert to a
abuse case, but may be useful to someone.
> The Web Security Mailing List
> WebSecurity RSS Feed
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> websecurity at lists.webappsec.org
More information about the websecurity