I mean that you don't provide a remove tab function, do you?
My English is not very good, forgive me.

2006/6/22, Ivan Ristic <ivan.ristic@gmail.com>:
On 6/22/06, j liu <normliu@gmail.com> wrote:
>
> Thank you very much
> and
> Embedded tab to break up the cross site scripting attack:
> <IMG SRC="jav ascript:alert('XSS');">
> Embedded encoded tab to break up XSS
> <IMG SRC="jav&#x09;ascript:alert('XSS');">
> how to prevent above?

From my head:

SecRule ARGS "(javascript:|vbscript:|data:)" "t:none,t:htmlEntityDecode,t:lowercase,t:replaceNulls,t:removeWhitespace"

(Note: It is not necessary to specify anti-evasion actions with every rule.)

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall



--
------------------------------------------------
LIUJ
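
Added example (not part of the original messages and not ModSecurity's own code): a Python approximation of the transformation chain in the rule quoted above, run over the two payloads from the thread. It shows that t:removeWhitespace is what strips the tab, and that t:htmlEntityDecode has to run before it for the encoded form. The function names are hypothetical stand-ins for the ModSecurity transformations.

```python
import html
import re

# Pattern taken from the SecRule in the thread.
PATTERN = re.compile(r"(javascript:|vbscript:|data:)")

# Approximations of the ModSecurity transformations (assumed behaviour,
# simplified; html.unescape knows more named entities than ModSecurity).
def html_entity_decode(s):
    return html.unescape(s)          # "&#x09;" becomes a real tab

def lowercase(s):
    return s.lower()

def replace_nulls(s):
    return s.replace("\x00", " ")    # NUL bytes become spaces

def remove_whitespace(s):
    return re.sub(r"\s+", "", s)     # drops spaces, tabs, CR, LF

# Same order as the rule: decode first, strip whitespace last.
CHAIN = [html_entity_decode, lowercase, replace_nulls, remove_whitespace]
# Deliberately wrong order, to show why the order matters.
WRONG_ORDER = [remove_whitespace, html_entity_decode, lowercase, replace_nulls]

def normalize(value, chain=CHAIN):
    for transform in chain:
        value = transform(value)
    return value

def rule_matches(value, chain=CHAIN):
    return PATTERN.search(normalize(value, chain)) is not None

# The two payloads from the thread, plus a constructed benign value.
LITERAL_TAB = "<IMG SRC=\"jav\tascript:alert('XSS');\">"
ENCODED_TAB = "<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">"
BENIGN = "<IMG SRC=\"/images/logo.png\">"

if __name__ == "__main__":
    for name, value in [("literal tab", LITERAL_TAB),
                        ("encoded tab", ENCODED_TAB),
                        ("benign", BENIGN)]:
        print(f"{name:12} no transforms: {rule_matches(value, [])!s:5} "
              f"wrong order: {rule_matches(value, WRONG_ORDER)!s:5} "
              f"rule order: {rule_matches(value)}")
```

With no transformations neither payload matches; with removeWhitespace placed before htmlEntityDecode the encoded tab still gets through, because the entity is decoded into a tab only after whitespace has been stripped.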