tungwaiyip.info


Checking for Cross-Site Scripting Vulnerability

Netcraft.com brought the cross-site scripting (XSS) problem to my attention, so I examined this website for the vulnerability. XSS is usually caused by a system using input received from a user or a third party without checking it first. One place this website takes in outside input is the RSS news feeds. I crafted a test RSS feed with embedded JavaScript. Some RSS readers (including this website) displayed the content as is; arguably they should have stripped out the embedded script before displaying it. I promptly plugged this hole by escaping the HTML metacharacters before outputting the feed content on the web pages.
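As an added example (not the blog's own code, which the post does not show), the following Python renders items from a constructed RSS feed three ways: unescaped, as the vulnerable feeder did; with script elements stripped, the fix the post calls arguable; and with HTML metacharacters escaped at output time, the fix the post applied. The test feed, the HTML template, the `safe_href` scheme allowlist and the `has_active_content` detector are all assumptions made for the demonstration; the scheme check goes one step beyond the post, because escaping alone does not neutralise a `javascript:` link.

```python
"""Added example, not the blog's own code: render RSS items into HTML the
unsafe way, the "strip <script>" way, and the escaping way the post adopted.
All feed content below is constructed for the demonstration."""
import html
import re
import xml.etree.ElementTree as ET

# Constructed test feed: the second item carries the kind of embedded script
# the post's crafted RSS did, plus an event-handler attribute and a
# javascript: link, both of which survive naive <script> stripping.
# The markup is entity-encoded so that it is valid XML text.
TEST_FEED = """<rss version="2.0"><channel><title>Test feed</title>
<item><title>Harmless headline</title><link>http://example.invalid/1</link>
<description>Plain text only</description></item>
<item><title>Crafted item</title><link>javascript:alert(2)</link>
<description>&lt;script&gt;alert('xss')&lt;/script&gt;Read more
&lt;img src=x onerror="alert(1)"&gt;</description></item>
</channel></rss>"""


def parse_items(feed_xml):
    """Extract title/link/description text from an RSS 2.0 document.
    ElementTree decodes the entities, so descriptions come back as raw
    HTML, exactly what a browser would see if the text were echoed as is."""
    root = ET.fromstring(feed_xml)
    return [
        {
            "title": item.findtext("title", default=""),
            "link": item.findtext("link", default=""),
            "description": item.findtext("description", default=""),
        }
        for item in root.iter("item")
    ]


# Assumed page template; the real site's markup is not shown in the post.
ITEM_TEMPLATE = '<li><a href="%s">%s</a>: %s</li>'


def render_unsafe(items):
    """Vulnerable rendering: feed text is interpolated into the page as is."""
    return "\n".join(
        ITEM_TEMPLATE % (i["link"], i["title"], i["description"]) for i in items
    )


SCRIPT_ELEMENT = re.compile(r"<script\b.*?</script\s*>", re.IGNORECASE | re.DOTALL)


def render_strip_script(items):
    """Weaker fix: delete <script> elements but otherwise pass markup through.
    Event-handler attributes such as onerror still execute."""
    return "\n".join(
        ITEM_TEMPLATE % (i["link"], i["title"], SCRIPT_ELEMENT.sub("", i["description"]))
        for i in items
    )


def safe_href(url):
    """Escaping does not neutralise a javascript: URL in href, so also restrict
    the scheme. The http/https allowlist is an assumption, not from the post."""
    if re.match(r"(?i)^https?://", url.strip()):
        return html.escape(url, quote=True)
    return "#"


def render_escaped(items):
    """The fix the post applied: escape HTML metacharacters at output time so
    feed content is displayed as text and never parsed as markup."""
    return "\n".join(
        ITEM_TEMPLATE % (safe_href(i["link"]), html.escape(i["title"]), html.escape(i["description"]))
        for i in items
    )


# Rough detector of active content in rendered HTML: a <script> element, a tag
# carrying an on* event-handler attribute, or a javascript: href. Used here only
# to check the three renderings; it is not itself a sanitiser.
ACTIVE_CONTENT = re.compile(
    r"<script\b|<[^>]*\bon\w+\s*=|href\s*=\s*[\"']?\s*javascript:", re.IGNORECASE
)


def has_active_content(rendered_html):
    return ACTIVE_CONTENT.search(rendered_html) is not None


if __name__ == "__main__":
    items = parse_items(TEST_FEED)
    for name, renderer in (("unsafe", render_unsafe),
                           ("strip-script", render_strip_script),
                           ("escaped", render_escaped)):
        print("%-12s active content: %s" % (name, has_active_content(renderer(items))))
```

Running the block reports active content for the unsafe and strip-script renderings and none for the escaped one: stripping removes the script element but leaves the `onerror` handler and the `javascript:` link intact, whereas escaping turns the whole description into inert text and the scheme check replaces the hostile link.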

An essential element of cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code that then runs in that website's context. In this case the news feeder's communication is only between this website and the news source, and I am not aware of any loophole that would let a third party get involved. But in a world of open communication it is better to be safe and to check all input before use.

2004.07.20
