On 10/28/2003 01:30 PM Frode E. Moe wrote:
On Tue, Oct 28, 2003 at 13:23:43 +0100, Adam Hardy wrote:
BTW, what are css attacks?
Cross-site scripting attack. If an attacker can put text into your
application which are echoed back verbatim within the HTML source for
different users, the attacker can insert javascript code to "steal" the
cookies and other malicious things, which will be executed by the victim
when the page is rendered in his/her browser. To avoid such attacks, you
should for example make sure you HTML encode data you send (i.e. change
< and > to < and > etc)
Ah, ok. Thought it might be something to do with style sheets. Thanks.
Adam
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
