tungwaiyip.info

home

about me

links

Blog

< July 2004 >
SuMoTuWeThFrSa
     1 2 3
4 5 6 7 8 910
11121314151617
18192021222324
25262728293031

past articles »

Click for San Francisco, California Forecast

San Francisco, USA

 

Checking for Cross-Site Scripting Vulnerability

Netcraft.com brings my attention to cross-site scripting security problem. I have examined this website for vulnerabilities. This problem is usually caused by systems not checking input received from user or third party before using it. One place this website receives input is the RSS new feeds. I have crafted a test RSS with embedded javascript. Some RSS feeder (including this website) display the content as is. They should have (arguably) strip off the embedded script before displaying it. I promptly plugged this by escaping the meta characters before outputting them on the web pages.

An important element for cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code in their context. In this case the news feeder's communication is only between this website and the news source. I am not aware of any loop hole for third party to get involved. But in the world of open communication it is better to be safe to test for all input before use.

2004.07.20 [, ] - comments

 

 

blog comments powered by Disqus

past articles »

 

BBC News

 

German elections: Centre-left narrowly wins against Merkel's party (27 Sep 2021)

 

German elections usher in political change with a small 'c' (27 Sep 2021)

 

COP26: Australia PM undecided on attending crucial climate summit (27 Sep 2021)

 

Swipe left or right? Germany's election dating game, explained (27 Sep 2021)

 

Afghanistan: Taliban ban Helmand barbers from trimming beards (26 Sep 2021)

 

Interviewing the Taliban: 'Still now I am terrified' (26 Sep 2021)

 

Fuel supply: UK suspends competition law to get petrol to forecourts (27 Sep 2021)

 

Power outages hit homes in north-east China (27 Sep 2021)

 

Iceland misses out on female majority after recount (26 Sep 2021)

 

San Marino votes to legalise abortion in referendum (26 Sep 2021)

more »

 

SF Gate

 

13 Best Background Check Sites & Services: Search Criminal Records and Social Media Accounts Online (28 Jul 2021)

 

It pays to search for top-quality auto shop (6 Feb 2021)

 

Fired Boeing CEO is now working with Bay Area tractor startup (14 Dec 2020)

 

PG&E bills to rise over per year on average to fund wildfire risk reduction (5 Dec 2020)

 

Nasdaq seeks more diversity on boards of companies listed on exchange (2 Dec 2020)

 

Elizabeth Holmes Prosecutors Say Texts Show Theranos Beset With Problems (24 Nov 2020)

more »


Site feed Updated: 2021-Sep-23 00:00