tungwaiyip.info


Checking for Cross-Site Scripting Vulnerability

Netcraft.com brought my attention to the cross-site scripting security problem. I have examined this website for vulnerabilities. This problem is usually caused by systems not checking input received from a user or third party before using it. One place this website receives input is the RSS news feeds. I have crafted a test RSS feed with embedded JavaScript. Some RSS feeders (including this website) display the content as is. They should (arguably) have stripped off the embedded script before displaying it. I promptly plugged this by escaping the metacharacters before outputting them on the web pages.
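An added example, not code from this website: a minimal Python sketch of the fix described above, run on a constructed test feed. The feed contents, the function names and the `news.example` host are assumptions, and it goes one step beyond the post by also dropping links whose scheme is not http or https, which escaping alone does not neutralise.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed test feed: the second item carries markup in its title and a
# non-web URL scheme in its link, as a careless or compromised source might.
TEST_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example News</title>
<item><title>Markets &amp; weather</title>
      <link>https://news.example/a?id=1&amp;ref=rss</link></item>
<item><title>&lt;script&gt;alert(1)&lt;/script&gt;Breaking</title>
      <link>javascript:alert(1)</link></item>
</channel></rss>"""

ALLOWED_SCHEMES = {"http", "https"}


def parse_items(feed_xml):
    """Return (title, link) pairs; the XML parser has already decoded entities."""
    root = ET.fromstring(feed_xml)
    return [(item.findtext("title", ""), item.findtext("link", "").strip())
            for item in root.iter("item")]


def render_unsafe(items):
    """The 'display as is' behaviour: feed text is pasted straight into HTML."""
    return "\n".join(f'<li><a href="{link}">{title}</a></li>'
                     for title, link in items)


def render_escaped(items):
    """Escape metacharacters on output and drop links with unexpected schemes."""
    rows = []
    for title, link in items:
        text = html.escape(title, quote=True)
        if urlsplit(link).scheme.lower() in ALLOWED_SCHEMES:
            rows.append(f'<li><a href="{html.escape(link, quote=True)}">{text}</a></li>')
        else:
            rows.append(f"<li>{text}</li>")  # keep the headline, lose the link
    return "\n".join(rows)


if __name__ == "__main__":
    items = parse_items(TEST_FEED)
    print(render_unsafe(items), render_escaped(items), sep="\n---\n")
```

The XML parser decodes `&lt;` back to `<` before the application sees the title, which is why the escaping has to happen again at output time rather than being assumed from the feed.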

An important element of cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code in their context. In this case the news feeder's communication is only between this website and the news source. I am not aware of any loophole for a third party to get involved. But in the world of open communication it is better to be safe and test all input before use.

2004.07.20
