http://alexking.org/blog/2008/08/12/debugging-an-xss-attack Alex King's blog - software, photography, sports, etc. Wed, 07 Jan 2009 20:44:56 +0000 http://wordpress.org/?v=2.2.3 http://alexking.org/blog/2008/08/12/debugging-an-xss-attack#comment-64546 David O'Shea Fri, 05 Sep 2008 01:16:59 +0000 http://alexking.org/blog/2008/08/12/debugging-an-xss-attack#comment-64546 "Strip out tags/content you don’t want to support": I have seen the advice, which I agree with, that you should instead strip out ALL tags/content except that which you DO want to support. If you just strip out things that are "bad", you might forget something or possibly not know about some special tag which can be used for an exploit on some particular browser. Only letting through the things which you know for sure are okay is safer and more "future proof". “Strip out tags/content you don’t want to support”: I have seen the advice, which I agree with, that you should instead strip out ALL tags/content except that which you DO want to support. If you just strip out things that are “bad”, you might forget something or possibly not know about some special tag which can be used for an exploit on some particular browser. Only letting through the things which you know for sure are okay is safer and more “future proof”.

]]> http://alexking.org/blog/2008/08/12/debugging-an-xss-attack#comment-64277 Stefan Fri, 15 Aug 2008 09:36:41 +0000 http://alexking.org/blog/2008/08/12/debugging-an-xss-attack#comment-64277 And again I've learned a lot about XSS! Thanks Alex! And again I’ve learned a lot about XSS!
Thanks Alex!

]]> http://alexking.org/blog/2008/08/12/debugging-an-xss-attack#comment-64256 ddos help Wed, 13 Aug 2008 17:29:10 +0000 http://alexking.org/blog/2008/08/12/debugging-an-xss-attack#comment-64256 The thing that makes XSS attacks nastier than, for example, injections is that creating an XSS vulnerability in your web application is much easier than MySql injection for example. I have personally had to combat XSS vulnerabilities and sometimes they can also be pretty hard to find. The thing that makes XSS attacks nastier than, for example, injections is that creating an XSS vulnerability in your web application is much easier than MySql injection for example. I have personally had to combat XSS vulnerabilities and sometimes they can also be pretty hard to find.

]]> http://alexking.org/blog/2008/08/12/debugging-an-xss-attack#comment-64251 Joe Casabona Wed, 13 Aug 2008 03:26:59 +0000 http://alexking.org/blog/2008/08/12/debugging-an-xss-attack#comment-64251 Thanks Alex- Great post! I've been careful about things like SQL injections. Now I know to look for these kinds of attacks too. Thanks Alex- Great post! I’ve been careful about things like SQL injections. Now I know to look for these kinds of attacks too.

]]>