
Checking for Cross-Site Scripting Vulnerability

Netcraft.com brought the cross-site scripting security problem to my attention, so I examined this website for the vulnerability. The problem usually arises when a system uses input received from a user or a third party without checking it first. One place this website accepts outside input is the RSS news feeds. I crafted a test RSS feed with embedded JavaScript; some RSS readers (including this website) displayed the content as is, when they arguably should have stripped the embedded script before displaying it. I promptly plugged the hole by escaping the HTML meta characters before writing the feed content to the web pages.

An important element of cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code into that website's context. In this case the news feeder only communicates between this website and the news source, and I am not aware of any loophole that would let a third party get involved. But in a world of open communication it is safer to check all input before using it.
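The fix described above, as an added example that is not the blog's own code: a constructed RSS feed carrying an embedded script is parsed, and the "as is" rendering is shown next to the escaped rendering. The feed text, the function names and the hypothetical `example.com` links are all constructed for this illustration; the `javascript:` link shows a case that escaping alone does not cover, so the link scheme is checked separately.

```python
import html
import xml.etree.ElementTree as ET

# Constructed test feed: one benign item and one item whose title,
# description and link carry the kind of payload the post describes.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Test feed</title>
<item><title>Plain headline</title><link>http://example.com/1</link>
<description>Nothing unusual here.</description></item>
<item><title>&lt;script&gt;alert('xss')&lt;/script&gt;Headline</title>
<link>javascript:alert(1)</link>
<description>Text &lt;img src=x onerror="alert(1)"&gt; more</description></item>
</channel></rss>"""


def parse_items(rss_text):
    """Return (title, link, description) tuples from an RSS 2.0 document.

    ElementTree decodes the XML entities, so the title above comes back
    containing a literal <script> tag exactly as a browser would see it.
    """
    root = ET.fromstring(rss_text)
    return [(item.findtext("title", ""),
             item.findtext("link", ""),
             item.findtext("description", ""))
            for item in root.iter("item")]


def render_unsafe(items):
    """The 'as is' rendering the post warns about: feed text goes straight into HTML."""
    return "\n".join(f'<li><a href="{link}">{title}</a><p>{desc}</p></li>'
                     for title, link, desc in items)


def safe_link(link):
    """Escaping does not neutralise a dangerous URL scheme, so allow only http(s)."""
    if link.lower().startswith(("http://", "https://")):
        return html.escape(link, quote=True)
    return "#"


def render_escaped(items):
    """The fix from the post: escape HTML meta characters before output."""
    return "\n".join(
        f'<li><a href="{safe_link(link)}">{html.escape(title)}</a>'
        f'<p>{html.escape(desc)}</p></li>'
        for title, link, desc in items)
```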

2004.07.20
