Does anybody have an example (or examples) of how this kind of abuse
actually works?

All this time I have just been lucky, then, I guess.

Arnold van Kampen


On Tue, 22 Jan 2002, Perrin Harkins wrote:

> > Yes and no. XSS attacks are possible on old browsers, when the charset is
> > not set (something which is often the case with modperl apps) and when the
> > HTML-escaping bit does not match what certain browsers accept as markup.
> 
> Of course I set the charset, but I didn't know that might not be enough.
> Does anyone know if Apache::Util::escape_html() and HTML::Entities::encode()
> are safe?
> 
> - Perrin
> 
