Hello, We have an ongoing effort to keep all DSA translated to french. But we have a problem with the DSA125:
Yuji Takahashi discovered a bug in analog which allows a cross-site scripting type attack. It is easy for an attacker to insert arbitrary strings into any web server logfile. If these strings are then analysed by analog, they can appear in the report. By this means an attacker can introduce arbitrary Javascript code, for example, into an analog report produced by someone else and read by a third person. Analog already attempted to encode unsafe characters to avoid this type of attack, but the conversion was incomplete. What is a cross-site scripting type attack ? If there is some french speaking people on this list, could you propose a translation ? If not, could you explain in english what kind of attack it is? Thanks for all, Mt. PS: keep us in CC, since we are not on the ML. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]