Taras, On Mon, Sep 17, 2012 at 5:36 PM, Taras <ox...@oxdef.info> wrote: > Andres, > > Hi! > > There is nothing new in this post. The author have found that ok, we can use > back slash to escape single quote...
Yep, I know its nothing new, but just wanted to know if it was covered by your code, > But we can add back slash as context breaker symbol for quoted strings in JS > context. Does it make sense? Does it work in all cases? >> Have you seen this? [0] Do you think it would be a good idea to >> have coverage/contexts for it? >> >> [0] >> http://nileshkumar83.blogspot.com.ar/2012/05/bypassing-xss-filter-in-alert-msg-box_18.html >> >> Regards, >> > > > -- > Taras > http://oxdef.info > GPG: C8D1F510 -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
