Re: [mod-security-users] about Data encoding
From: Ivan R. <iva...@gm...> - 2006-06-26 07:55:49
Yes - htmlEntityDecode.

On 6/26/06, j liu <no...@gm...> wrote:
>
> 09 (horizontal tab), 10 (newline) and 13 (carriage return)
>
> <IMG SRC="jav	ascript:alert('XSS');">
> <IMG SRC="jav
ascript:alert('XSS');">
> <IMG SRC="jav
ascript:alert('XSS');">
> these three can work in xss attack
> do you provide the remove function?
> thanks!

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
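
An added example, not part of the original message and not ModSecurity's own code: a Python sketch of why entity decoding has to run before whitespace removal when a filter looks for `javascript:`. It assumes the three IMG tags in the question carried characters 09, 10 and 13 as numeric character references; `html.unescape` stands in for an entity-decoding step, and the sample inputs and function names are constructed for illustration.

```python
import html
import re

# Constructed sample inputs: the IMG tags from the question with the
# whitespace written as numeric character references (an assumption about
# the original message), plus one benign value.
SAMPLES = [
    "<IMG SRC=\"jav&#x09;ascript:alert('XSS');\">",  # 09 horizontal tab
    "<IMG SRC=\"jav&#x0A;ascript:alert('XSS');\">",  # 10 newline
    "<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">",  # 13 carriage return
    "<IMG SRC=\"/images/java-logo.png\">",           # benign
]

# Characters 09, 10 and 13 named in the question.
STRIP = str.maketrans("", "", "\t\n\r")
PATTERN = re.compile(r"javascript:")


def decode_entities(value):
    """Stand-in for an HTML entity decoding transformation."""
    return html.unescape(value)


def remove_ws(value):
    """Drop literal tab, newline and carriage return characters."""
    return value.translate(STRIP)


def matches(value, steps):
    """Apply the normalization steps in order, then test the pattern."""
    for step in steps:
        value = step(value)
    return bool(PATTERN.search(value.lower()))


def scan(samples, steps):
    return [matches(s, steps) for s in samples]


if __name__ == "__main__":
    pipelines = [
        ("no normalization", []),
        ("strip only", [remove_ws]),
        ("strip then decode", [remove_ws, decode_entities]),
        ("decode then strip", [decode_entities, remove_ws]),
    ]
    for name, steps in pipelines:
        print(f"{name:18} {scan(SAMPLES, steps)}")
```

Only the decode-then-strip order flags the three encoded tags; stripping first finds no literal whitespace to remove, so the decoded tab, newline or carriage return still splits the keyword.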