tungwaiyip.info


 

Checking for Cross-Site Scripting Vulnerability

Netcraft.com has brought the cross-site scripting security problem to my attention. I have examined this website for vulnerabilities. This problem is usually caused by systems not checking input received from a user or third party before using it. One place this website receives input is the RSS news feeds. I have crafted a test RSS feed with embedded JavaScript. Some RSS feeders (including this website) display the content as is. They should (arguably) strip the embedded script before displaying it. I promptly plugged this by escaping the meta characters before outputting them on the web pages.

An important element of cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code in its context. In this case the news feeder's communication is only between this website and the news source. I am not aware of any loophole for a third party to get involved. But in the world of open communication it is better to be safe and test all input before use.
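The escaping step described above, as an added example that is not the code this website runs: it parses a constructed RSS feed and escapes every field before placing it in HTML. The function names and the sample feed are assumptions, and the http/https check on link URLs goes one step beyond the post, because escaping alone does not neutralize a script-bearing URL scheme in an `href`.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed: the title and description carry markup, and one
# link uses a script-bearing URL scheme. None of this is from the original site.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Test feed</title>
<item>
  <title>Hello &lt;script&gt;alert(1)&lt;/script&gt;</title>
  <link>http://news.example/story?id=1&amp;ref="x"</link>
  <description>&lt;img src=x onerror=alert(1)&gt; Tom &amp; Jerry</description>
</item>
<item>
  <title>Second item</title>
  <link>javascript:alert(1)</link>
  <description>plain text</description>
</item>
</channel></rss>"""

SAFE_SCHEMES = {"http", "https"}


def safe_href(url):
    """Return the URL only if its scheme is http(s); otherwise None."""
    url = (url or "").strip()
    return url if urlsplit(url).scheme.lower() in SAFE_SCHEMES else None


def render_item(title, link, description):
    """Render one feed item as HTML, treating every feed field as untrusted text."""
    t = html.escape(title or "", quote=True)
    d = html.escape(description or "", quote=True)
    href = safe_href(link)
    # Drop the link entirely rather than emit an unsafe href.
    head = t if href is None else '<a href="%s">%s</a>' % (html.escape(href), t)
    return "<li>%s<br>%s</li>" % (head, d)


def render_feed(rss_text):
    """Parse RSS 2.0 text and return an HTML list of escaped items."""
    root = ET.fromstring(rss_text)
    rows = [render_item(i.findtext("title"), i.findtext("link"),
                        i.findtext("description")) for i in root.iter("item")]
    return "<ul>\n%s\n</ul>" % "\n".join(rows)


if __name__ == "__main__":
    print(render_feed(SAMPLE_RSS))
```

The XML parser decodes `&lt;script&gt;` in the feed back into a literal `<script>` string, which is why the escape has to happen at output time rather than relying on the feed's own encoding.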

2004.07.20

 

 
