tungwaiyip.info

home

about me

links

Blog

< July 2004 >
SuMoTuWeThFrSa
     1 2 3
4 5 6 7 8 910
11121314151617
18192021222324
25262728293031

past articles »

Click for San Francisco, California Forecast

San Francisco, USA

 

Checking for Cross-Site Scripting Vulnerability

Netcraft.com brings my attention to cross-site scripting security problem. I have examined this website for vulnerabilities. This problem is usually caused by systems not checking input received from user or third party before using it. One place this website receives input is the RSS new feeds. I have crafted a test RSS with embedded javascript. Some RSS feeder (including this website) display the content as is. They should have (arguably) strip off the embedded script before displaying it. I promptly plugged this by escaping the meta characters before outputting them on the web pages.

An important element for cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code in their context. In this case the news feeder's communication is only between this website and the news source. I am not aware of any loop hole for third party to get involved. But in the world of open communication it is better to be safe to test for all input before use.

2004.07.20 [, ] - comments

 

 

blog comments powered by Disqus

past articles »

 

BBC News

 

Coronavirus: Biden's .9tn Covid relief bill passes House vote (27 Feb 2021)

 

Nigeria kidnappings: Hunt for 300 girls as second abducted school group freed (27 Feb 2021)

 

Lady Gaga's dogs found safe after armed robbery (27 Feb 2021)

 

Jamal Khashoggi: How intelligence report could dent US-Saudi ties for years (26 Feb 2021)

 

Texas sea turtles released back into sea after cold front eases (26 Feb 2021)

 

Climate change: Carbon emission promises 'put Earth on red alert' (26 Feb 2021)

 

Jamal Khashoggi: US says Saudi prince approved Khashoggi killing (26 Feb 2021)

 

Tiger Woods car crash: Golfer 'in good spirits' after latest treatment (27 Feb 2021)

 

BTS: Radio host apologises for comparing band to Covid (26 Feb 2021)

 

Texas weather: Biden visits state amid recovery from deadly cold snap (26 Feb 2021)

more »

 

SF Gate

 

It pays to search for top-quality auto shop (6 Feb 2021)

 

Fired Boeing CEO is now working with Bay Area tractor startup (14 Dec 2020)

 

PG&E bills to rise over per year on average to fund wildfire risk reduction (5 Dec 2020)

 

Nasdaq seeks more diversity on boards of companies listed on exchange (2 Dec 2020)

 

Elizabeth Holmes Prosecutors Say Texts Show Theranos Beset With Problems (24 Nov 2020)

 

Ship traffic, November 1 (30 Oct 2020)

more »


Site feed Updated: 2021-Feb-26 03:00