
Checking for Cross-Site Scripting Vulnerability

Netcraft.com brought the cross-site scripting security problem to my attention, and I have examined this website for such vulnerabilities. This problem is usually caused by systems not checking input received from a user or third party before using it. One place this website receives input is the RSS news feeds. I crafted a test RSS feed with embedded JavaScript. Some RSS readers (including this website) display the content as is; they should (arguably) strip the embedded script before displaying it. I promptly plugged this hole by escaping the meta characters before outputting them on the web pages.

An important element of cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code in its context. In this case the news feeder's communication is only between this website and the news source, and I am not aware of any loophole for a third party to get involved. But in a world of open communication it is better to be safe and test all input before use.
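The feed-display problem described above, as an added example that is not code from this site: a constructed RSS feed carrying a script tag and an event-handler attribute is parsed, then rendered once by pasting the feed text straight into HTML and once with the meta characters escaped. The feed contents, the `render_*` function names and the `safe_link` scheme check are all my own assumptions for illustration.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample feed (not a real feed): the XML entities decode to a
# <script> tag in the title and an onerror handler in the description,
# the kind of embedded JavaScript the post tested with.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Test feed</title>
<item>
  <title>Hello &lt;script&gt;alert(1)&lt;/script&gt;</title>
  <link>http://example.invalid/item</link>
  <description>&lt;img src=x onerror="alert(1)"&gt;Read more</description>
</item>
</channel></rss>"""


def parse_items(rss_text):
    """Return the items of an RSS 2.0 document as plain dicts."""
    root = ET.fromstring(rss_text)
    return [
        {
            "title": item.findtext("title", default=""),
            "link": item.findtext("link", default=""),
            "description": item.findtext("description", default=""),
        }
        for item in root.iter("item")
    ]


def safe_link(url):
    """Escaping alone does not neutralise a javascript: URL inside href,
    so only web schemes are allowed through; anything else becomes '#'."""
    return url if url.lower().startswith(("http://", "https://")) else "#"


def render_unsafe(item):
    """Feed text pasted straight into the page: any markup in the feed
    becomes live markup in the reader's browser."""
    return f'<h3><a href="{item["link"]}">{item["title"]}</a></h3><p>{item["description"]}</p>'


def render_escaped(item):
    """The fix the post describes: html.escape turns & < > " ' into
    entities, so the feed text is displayed literally, not interpreted."""
    title = html.escape(item["title"], quote=True)
    desc = html.escape(item["description"], quote=True)
    link = html.escape(safe_link(item["link"]), quote=True)
    return f'<h3><a href="{link}">{title}</a></h3><p>{desc}</p>'
```

Comparing the two renderings of the sample item shows the script tag surviving intact in the unsafe output and appearing only as `&lt;script&gt;` text in the escaped one.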

2004.07.20
