Gervase Markham wrote: > Robert O'Callahan wrote in mozilla.dev.planning: >> 3) Some kind of dynamic anti-XSS filter that monitors browser traffic >> and blocks stuff. Not many details about that yet. > > This latter is an interesting idea, but it sounds to me like a recipe > for hard-to-understand breakage and bugs, particularly if ours works > differently to theirs. I'd be interested in closer analysis of what > proportion of attacks this might address, and whether we can immediately > think of ways attackers could break it. > > Does anyone have more info, or comments on their approach? The doc is here: > http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx
In the MSDN blog comments, Giorgio Maone links to documentation for a similar feature of NoScript: http://noscript.net/features#xss Mike _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
