tungwaiyip.info

Checking for Cross-Site Scripting Vulnerability

Netcraft.com brought the cross-site scripting (XSS) security problem to my attention, so I examined this website for vulnerabilities. The problem is usually caused by systems not checking input received from users or third parties before using it. One place this website receives input is its RSS news feeds. I crafted a test RSS feed with embedded JavaScript. Some RSS readers (including this website) displayed the content as is; they should (arguably) strip the embedded script before displaying it. I promptly plugged this by escaping the HTML metacharacters before outputting them on the web pages.
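The fix described above, as an added example (this is not the site's own code): a small RSS 2.0 renderer that shows the "display as is" behaviour beside the escaped version. The feed document is constructed for the example and mirrors the test feed the post describes, with one item whose description carries a script tag; the element layout (`channel`/`item`/`title`/`description`) is assumed to be plain RSS 2.0.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample feed for the example (not a real feed). The second item's
# description contains an embedded script, as the test feed in the post did.
# The entities are XML-escaped here so the document parses; the parser turns
# &lt;script&gt; back into a literal <script> tag in the item's text.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0">
  <channel>
    <title>Example feed</title>
    <item>
      <title>Plain headline</title>
      <description>Nothing unusual here &amp; safe.</description>
    </item>
    <item>
      <title>Test item</title>
      <description>&lt;script&gt;alert('xss')&lt;/script&gt;Hello</description>
    </item>
  </channel>
</rss>
"""


def parse_items(rss_text):
    """Return (title, description) pairs from an RSS 2.0 document.

    The values come back as decoded text, so markup that was entity-encoded
    in the feed is now real '<' and '>' characters: untrusted input.
    """
    root = ET.fromstring(rss_text)
    return [
        (item.findtext("title", default=""), item.findtext("description", default=""))
        for item in root.iter("item")
    ]


def render_unsafe(items):
    """The 'display as is' behaviour: feed text is dropped straight into HTML."""
    return "\n".join(f"<li><b>{title}</b>: {desc}</li>" for title, desc in items)


def render_escaped(items):
    """Hardened version: escape HTML metacharacters (&, <, >, quotes) on output,
    so feed text is shown as text and never interpreted as markup or script."""
    return "\n".join(
        f"<li><b>{html.escape(title)}</b>: {html.escape(desc)}</li>"
        for title, desc in items
    )


def contains_script_tag(markup):
    """Simple check used to compare the two renderings."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    items = parse_items(SAMPLE_RSS)
    print("unsafe rendering:\n" + render_unsafe(items))
    print("\nescaped rendering:\n" + render_escaped(items))
```

Escaping at the output boundary is what the post did; it is simpler and more reliable than trying to strip script tags from the feed, because every metacharacter is neutralised regardless of how the markup is spelled.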

An important element of cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code that runs in that website's context. In this case the news feeder's communication is only between this website and the news source, and I am not aware of any loophole that lets a third party get involved. But in a world of open communication it is safer to test all input before use.

2004.07.20

 

 
