tungwaiyip.info


 

Checking for Cross-Site Scripting Vulnerability

Netcraft.com brought the cross-site scripting security problem to my attention. I have examined this website for vulnerabilities. This problem is usually caused by systems not checking input received from a user or third party before using it. One place this website receives input is the RSS news feeds. I crafted a test RSS feed with embedded JavaScript. Some RSS feeders (including this website) display the content as is. They should (arguably) strip the embedded script before displaying it. I promptly plugged this by escaping the metacharacters before outputting them on the web pages.

An important element of cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code into its context. In this case the news feeder's communication is only between this website and the news source. I am not aware of any loophole for a third party to get involved. But in the world of open communication it is better to be safe and test all input before use.
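The escape-before-output fix described above, as an added example that is not this website's own code: a constructed test feed is parsed and every field is escaped as it is written into HTML. The feed contents and the names `TEST_FEED`, `safe_href` and `render_items` are assumptions, and the link scheme check goes one step beyond the post, since escaping alone does not neutralize a `javascript:` link.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed test feed (not from the original post): the first item carries
# embedded script in its title and description, the second a script-scheme link.
TEST_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Test</title>
<item>
  <title>Hello &lt;script&gt;alert(1)&lt;/script&gt;</title>
  <link>http://news.example/story?id=1&amp;ref="x"</link>
  <description><![CDATA[<img src=x onerror="alert(2)"> body text]]></description>
</item>
<item>
  <title>Second</title>
  <link>javascript:alert(3)</link>
  <description>plain text</description>
</item>
</channel></rss>"""

def safe_href(url):
    """Return url only if it is an absolute http(s) URL, otherwise '#'."""
    url = (url or "").strip()
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return "#"
    return url if parts.scheme in ("http", "https") and parts.netloc else "#"

def render_items(feed_xml):
    """Render feed items as HTML list entries with every field escaped."""
    rows = []
    for item in ET.fromstring(feed_xml).iter("item"):
        # The XML parser has already decoded entities and CDATA, so these
        # strings hold raw markup; escape at the point of output.
        title = html.escape(item.findtext("title", ""), quote=True)
        desc = html.escape(item.findtext("description", ""), quote=True)
        href = html.escape(safe_href(item.findtext("link")), quote=True)
        rows.append(f'<li><a href="{href}">{title}</a>: {desc}</li>')
    return rows

if __name__ == "__main__":
    print("\n".join(render_items(TEST_FEED)))
```

Escaping with `quote=True` matters for the `href` value, which sits inside a double-quoted attribute.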

2004.07.20

 

 
