[mir-coders] html attribute filtering
john duda
john at manifestor.org
Tue Oct 26 08:20:44 PDT 2004
i just modified MirBasicProducerAssistantLocalizer
to drill down into the values of "src" attributes
to try and detect javascript xss attacks.
basically it rejects the attribute value if:
1) it starts with javascript:
2) it has a colon and an ampersand, and the ampersand comes before the colon. there are nasty tricks that at use this to do things like j&#nn;avascript;, where nn is some code i can't remember at the moment.
people should upgrade their mirs, and feel free to critique my filter.
john
--
this is where my public key can be found:
gpg --keyserver pgp.mit.edu --recv-keys 03817826
Key fingerprint = 6C11 8D70 2ADE EFA9 498D 72CB 77EA 391A 0381 7826
More information about the mir-coders
mailing list