Checking for Cross-Site Scripting Vulnerability

Netcraft.com brought the cross-site scripting security problem to my attention, and I have examined this website for vulnerabilities. This problem is usually caused by systems not checking input received from users or third parties before using it. One place this website receives input is the RSS news feeds. I crafted a test RSS feed with embedded JavaScript. Some RSS feed readers (including this website) display the content as is. They should (arguably) strip out the embedded script before displaying it. I promptly plugged this by escaping the meta characters before outputting them on the web pages.

An important element of cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code into its context. In this case the news feeder's communication is only between this website and the news source, and I am not aware of any loophole for a third party to get involved. But in a world of open communication it is safer to check all input before use.
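The two behaviours described above, side by side, as an added example that is not the site's own code: a constructed RSS item carrying markup and script, a renderer that interpolates feed text as is, and the fix of escaping HTML meta characters before output. The feed content, function names and the http(s)-only link check are assumptions for illustration.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed (not the author's): one item whose text fields carry
# markup and script, standing in for the test RSS described in the post.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Test feed</title>
<item>
  <title>Headline with &lt;b&gt;bold&lt;/b&gt;</title>
  <link>http://feed.example/item/1</link>
  <description>Read more &lt;script&gt;alert('test')&lt;/script&gt; here</description>
</item>
</channel></rss>"""

def parse_items(rss_text):
    """Return (title, link, description) tuples. XML entities are decoded here,
    so the description is already the literal string '<script>...' afterwards."""
    root = ET.fromstring(rss_text)
    return [tuple(item.findtext(tag) or "" for tag in ("title", "link", "description"))
            for item in root.iter("item")]

def render_unsafe(items):
    """The behaviour the post found: feed text interpolated as is, so any tag
    or script inside the feed becomes live markup in the page."""
    return "\n".join(f'<li><a href="{link}">{title}</a>: {desc}</li>'
                     for title, link, desc in items)

def safe_link(url):
    """Escaping does not constrain URL schemes, so only pass through http(s) links."""
    return url if urlsplit(url).scheme in ("http", "https") else "#"

def render_escaped(items):
    """The fix the post applied: escape &, <, >, and quotes before output so
    feed text is displayed literally instead of being parsed as HTML."""
    e = html.escape  # quote=True by default, so it is also safe inside attributes
    return "\n".join(f'<li><a href="{e(safe_link(link))}">{e(title)}</a>: {e(desc)}</li>'
                     for title, link, desc in items)

def contains_live_script(rendered):
    """Regression check for a rendered page: an unescaped <script tag from feed text."""
    return "<script" in rendered.lower()

if __name__ == "__main__":
    items = parse_items(SAMPLE_RSS)
    print("unsafe:\n" + render_unsafe(items))
    print("escaped:\n" + render_escaped(items))
```

The escaped output shows the feed's `<script>` text literally; the link check is there because output escaping alone says nothing about what scheme a feed-supplied URL uses.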

2004.07.20
