From: Gabriel L. <ga...@bu...> - 2002-07-09 22:29:13
Unfortunately I couldn't find exact details... But here is a general description:

http://groups.google.com/groups?q=guninski+hotmail+style+sheets&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&selm=37DEBE41.341844AE%40yahoo.com&rnum=1

Note: iframe is also a tag that seems to cause all kinds of trouble for XSS vulnerabilities...

-=gabe

On Tue, 2002-07-09 at 15:11, Gabriel Lawrence wrote:
> On Tue, 2002-07-09 at 15:00, Alex Russell wrote:
> > CSS (by which I assume you mean Cascading Style Sheets) in no way
> > affects Javascript, nor does it create active/scriptable content. It is
> > formatting for document structure. Can it be used maliciously? Perhaps,
> > but it is also trivial to filter. It is not nearly as dangerous as
> > JavaScript/ActiveX, nor does it present any threat that "regular" html
> > content does not.
>
> I'll try and dig it up, but I think there is a way to inject script
> using cascading style sheets. One of the more recent hotmail problems if
> I recall correctly...
>
> -gabe