tungwaiyip.info


Checking for Cross-Site Scripting Vulnerability

Netcraft.com brought the cross-site scripting security problem to my attention. I have examined this website for vulnerabilities. This problem is usually caused by systems not checking input received from a user or a third party before using it. One place this website receives input is the RSS news feeds. I crafted a test RSS feed with embedded JavaScript. Some RSS feed readers (including this website) displayed the content as is. They should (arguably) have stripped off the embedded script before displaying it. I promptly plugged this by escaping the HTML metacharacters in the feed content before outputting it on the web pages.
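As an added illustration of the feed-display problem and of the escaping fix described above (this is example code written for this page, not the code this website runs), the script below parses a constructed RSS feed whose item title, link and description carry embedded script, renders the items the unsafe way and the escaped way, and runs a small check over both outputs. The sample feed, the function names and the href scheme check in `safe_url` (which goes beyond the metacharacter escaping the post describes) are assumptions of this example.

```python
import html
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed for this example (not the author's real test feed).
# RSS text content is XML-escaped on the wire, so the parser hands the
# renderer the decoded strings "<script>...</script>" and "<img ... onerror=...>".
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0">
  <channel>
    <title>Constructed test feed</title>
    <item>
      <title>Headline &lt;script&gt;alert('xss')&lt;/script&gt;</title>
      <link>javascript:alert('xss')</link>
      <description>&lt;img src=x onerror="alert(1)"&gt; story text</description>
    </item>
    <item>
      <title>Plain headline &amp; ampersand</title>
      <link>http://example.invalid/story</link>
      <description>Plain description</description>
    </item>
  </channel>
</rss>
"""


def parse_items(rss_text):
    """Return the feed items as dicts of decoded text; nothing is escaped here."""
    root = ET.fromstring(rss_text)
    items = []
    for item in root.iter("item"):
        items.append({
            "title": item.findtext("title", default=""),
            "link": item.findtext("link", default=""),
            "description": item.findtext("description", default=""),
        })
    return items


def render_unsafe(items):
    """The vulnerable pattern: feed strings are spliced into the HTML as-is."""
    parts = []
    for it in items:
        parts.append('<li><a href="%s">%s</a><p>%s</p></li>'
                     % (it["link"], it["title"], it["description"]))
    return "<ul>\n" + "\n".join(parts) + "\n</ul>"


def safe_url(url):
    """Allow only http(s) in href; javascript:, data: and the like become '#'.
    This scheme check is an addition of this example, beyond the escaping the post describes."""
    url = url.strip()
    if urlsplit(url).scheme.lower() in ("http", "https"):
        return url
    return "#"


def render_escaped(items):
    """The fix: escape the HTML metacharacters (< > & " ') of every feed string
    before output, and additionally constrain the href value."""
    parts = []
    for it in items:
        parts.append('<li><a href="%s">%s</a><p>%s</p></li>' % (
            html.escape(safe_url(it["link"]), quote=True),
            html.escape(it["title"], quote=True),
            html.escape(it["description"], quote=True),
        ))
    return "<ul>\n" + "\n".join(parts) + "\n</ul>"


# Crude self-check a feed consumer can run over its own output: a script tag,
# an on* event handler inside any tag, or a javascript: href means feed text
# became live markup. Escaped text (&lt;script&gt;) does not match.
_ACTIVE = re.compile(r"<script\b|<[^>]*\bon\w+\s*=|href\s*=\s*[\"']?\s*javascript:", re.I)


def has_active_content(rendered):
    return _ACTIVE.search(rendered) is not None


if __name__ == "__main__":
    items = parse_items(SAMPLE_RSS)
    print("unsafe output has active content:", has_active_content(render_unsafe(items)))
    print("escaped output has active content:", has_active_content(render_escaped(items)))
    print(render_escaped(items))
```

Every string that arrives in the feed goes through the same escaping regardless of who published it, so the reader's safety does not depend on trusting the news source. Escaping at output time, in the HTML context where the string lands, is what removes the injection; stripping `<script>` tags from the input would miss the event handler in the description and the `javascript:` link.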

An important element of cross-site scripting is that a third party can use a reputable website as a conduit to inject questionable code that runs in that website's context. In this case the feed reader's communication is only between this website and the news source. I am not aware of any loophole for a third party to get involved. But in the world of open communication it is safer to check all input before use.

2004.07.20
