
Re: Fwd: XSS evasion


On Fri, 2006-10-06 at 18:48 +0200, Hendrik Van Belleghem wrote:
> "mock" talked about XSS at this year's YAPC::Europe in Birmingham a few
> weeks ago. He had quite a few examples. His slides are at
> http://sketchfactory.com/static/mvc.pdf (More Vulnerable Code).
> It goes without saying that it would be a bit unwise to test the URLs
> mentioned in the talk.

He briefly mentions HTML::Scrubber in there. I am using
HTML::StripScripts::Parser, which also makes sure that tags are nested
properly.

Anybody have any view on these (or other) modules?

Clint

