New blog post this week to help fight XSS flaws - http://blog.modsecurity.org/2010/09/advanced-topic-of-the-week-xss-defense-via-content-injection.html
I also setup a demo so you can see how it works and/or try and find evasions - http://www.modsecurity.org/demo/demo-deny-noescape.html This will most likely make it into a future version of the OWASP CRS in an experimental rules directory. Cheers, Ryan _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
