I'd like to be able to add myself (and maintain my bio) to the who we are
page. Could I please have sufficient karma for my user account: jstrachan
Many thanks.
James
What exactly do you mean by cross site scripting and could you give
pointers to the examples you're talking about in PHP, Perl and C?
gio
Jon Stevens wrote:
Sadly, it seems that the Java world really hasn't taken the cross site
scripting issues seriously. Only a few projects within Jakarta have
On Sun, 18 Nov 2001, Peter Donald wrote:
* there is no formal syntax defined for Extension-Name or
Implementation-Vendor-Id. By convention most people use the name of the Java
packages (i.e. reverse DNS names in most cases) but this is not required.
It's a name - I don't think it needs a
Hello There,
I'm getting Dr. Watson Error, very frequently, many times in a day.
I'm having NT4.0, SQL7.0
pls help..
vikas
Are you, perhaps, using the JDBC-ODBC bridge? 99% of the time this
is the reason that people complain about crashes on Windows - you are using
a piece of software that is experimental and not thread safe (the bridge)
and it's causing the JVM to crash. Switch to different database
Wow, you fit my first paragraph perfectly.
http://httpd.apache.org/info/css-security/index.html
-jon
on 11/20/01 5:11 AM, Steve Giovannetti [EMAIL PROTECTED] wrote:
What exactly do you mean by cross site scripting and could you give
pointers to the examples you're talking about in PHP, Perl
Not Java, but I guess that just illustrates the point you're making! :-)
I'd be happy to translate some of my Perl if you like.
d.
-Original Message-
From: Jon Stevens [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 6:44 PM
To: [EMAIL PROTECTED]
Subject: Re: Cross site
Within the standard Jakarta documentation tools, i.e. jakarta-site2 and
anakia, is there a way to build a keyword index?
Paul Spencer
on 11/20/01 11:51 AM, Paul Spencer [EMAIL PROTECTED] wrote:
Within the standard Jakarta documentation tools, i.e. jakarta-site2 and
anakia, is there a way to build a keyword index?
Paul Spencer
You can use the tools available to help you create it, but there is nothing
specifically there
on 11/20/01 10:58 AM, Steve Giovannetti [EMAIL PROTECTED] wrote:
In the interest of breaking the chains of my cross site scripting
ignorance, I'm assuming that the offending SCRIPT needs to be blocked
from POST or GET requests made by users to JSP/Servlets on the target
server?
Nope. The
I was trying to look at this from the standpoint of how does the
offending script get on your site in the first place. Let's say you
have a discussion board and you want to make sure no one puts nasty stuff
in SCRIPT tags in their postings. But from what I gather is you're
interested in
-Original Message-
From: Jon Stevens [mailto:[EMAIL PROTECTED]]
Part of the problem with this security hole is that, for some reason, it is
hard for a lot of people to even get a basic comprehension of it (even
though it is so well documented). I think that is why a lot of people
Jon,
First off, Bravo! for starting this thread! IMO it's a serious problem,
and people like Charles Schwab are vulnerable to CSS vulnerabilities and as
far as I know, haven't done a thing about it. (For everybody: CSS in this
case is Cross site scripting, not cascading style sheets... we
on 11/20/01 12:43 PM, Steve Giovannetti [EMAIL PROTECTED] wrote:
I was trying to look at this from the standpoint of how does the
offending script get on your site in the first place. Let's say you
have a discussion board and you want to make sure no one puts nasty stuff
in SCRIPT tags in
From: Jon Stevens [mailto:[EMAIL PROTECTED]]
Does anyone have code they want to contribute to get this started? How are
you currently dealing with these issues? What is your favorite way to escape
things? Do you filter/escape all content or only some content? Etc.
In the world of XSL, I think