Menu
▾
▴
Re: [Owasp-input-api-developers] I have an immediate application for the filters!
|
From: Gabriel L. <ga...@bu...> - 2002-07-09 22:12:11
|
On Tue, 2002-07-09 at 15:00, Alex Russell wrote: > CSS (by which I assume you mean Cascading Style Sheets) is no way > affects Javascript, nor does it create active/scriptable content. It is > formatting for document structure. Can it be used malicously? Perhaps, > but it is also trivial to filter. It is not nearly as dangerous as > JavaScript/ActiveX, nor does it present any threat that "regular" html > content does not. I'll try and dig it up, but I think there is a way to inject script using cascading style sheets. One of the more recent hotmail problems if I recall correctly... -gabe |
