[mir-coders] html attribute filtering

john duda john at manifestor.org
Tue Oct 26 08:20:44 PDT 2004


i just modified MirBasicProducerAssistantLocalizer
to drill down into the values of "src" attributes
to try and detect javascript xss attacks.

basically it rejects the attribute value if:
1) it starts with javascript:
2) it has a colon and an ampersand, and the ampersand comes before the colon. there are nasty tricks that use this to do things like j&#nn;avascript;, where nn is some code i can't remember at the moment.

people should upgrade their mirs, and feel free to critique my filter.

john




-- 

this is where my public key can be found:
gpg --keyserver pgp.mit.edu --recv-keys 03817826
Key fingerprint = 6C11 8D70 2ADE EFA9 498D  72CB 77EA 391A 0381 7826
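
The two rejection rules described in the message above, as an added Python sketch that is not part of the original post and is not Mir's own code; a decode-then-allowlist check sits beside them for comparison. The function names, the allowed-scheme set, the case and whitespace handling, and the sample values are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit


def rejected_by_post_rules(value: str) -> bool:
    """Apply the two rules from the post to a raw "src" attribute value."""
    # Assumption: the post does not say how case or surrounding whitespace
    # are handled; this sketch ignores both.
    v = value.strip().lower()
    if v.startswith("javascript:"):          # rule 1
        return True
    colon, amp = v.find(":"), v.find("&")
    # rule 2: a colon and an ampersand are both present, ampersand first
    return colon != -1 and amp != -1 and amp < colon


ALLOWED_SCHEMES = {"http", "https"}          # assumption: example policy


def rejected_by_allowlist(value: str) -> bool:
    """Comparison check: decode character references, then allow only
    relative URLs and the schemes in ALLOWED_SCHEMES."""
    decoded = html.unescape(value).strip()
    scheme = urlsplit(decoded).scheme.lower()
    return scheme != "" and scheme not in ALLOWED_SCHEMES


# Constructed sample attribute values (not taken from any real site).
SAMPLES = [
    "http://example.org/view?id=1&page=2",   # ordinary absolute URL
    "javascript:void(0)",                    # caught by rule 1
    "j&#97;vascript:void(0)",                # entity-encoded scheme, rule 2
    "images/clock.php?tz=1&t=12:30",         # harmless relative URL
]


def compare(samples):
    """Return (value, post_rules_verdict, allowlist_verdict) per sample."""
    return [(s, rejected_by_post_rules(s), rejected_by_allowlist(s))
            for s in samples]


if __name__ == "__main__":
    for value, by_rules, by_allowlist in compare(SAMPLES):
        print(f"{value!r:45} post rules: {by_rules!s:5} allowlist: {by_allowlist}")
```

The last sample shows the cost of rule 2: a harmless relative URL with an ampersand before a colon in its query string is rejected, while the allowlist check accepts it.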



