Re: [mod-security-users] about Data encoding
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] about Data encoding
|
From: Ivan R. <iva...@gm...> - 2006-06-26 07:55:49
|
Yes - htmlEntityDecode.
On 6/26/06, j liu <no...@gm...> wrote:
>
> 09 (horizontal tab), 10 (newline) and 13 (carriage return)
>
> <IMG SRC="jav	ascript:alert('XSS');">
> <IMG SRC="jav
ascript:alert('XSS');">
> <IMG SRC="jav
ascript:alert('XSS');">
> these three can work in xss attack
> do you provide the remove function?
> thanks!
--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall
|