This week's blog post is very timely considering the new Twitter XSS/CSRF worm that exploded this morning - http://www.computerworld.com/s/article/9186980/Twitter_fixes_cross_site_scripting_flaw?taxonomyId=16
Hope this post is helpful - http://blog.modsecurity.org/2010/09/advanced-topic-of-the-week-identifying-improper-output-handling-xss-flaws.html

These rules are BETA/Experimental. If you try them out, please let me know how they work.

-Ryan
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
