Hi folks,

We've implemented the portcullis xss filter with success but we are coming across some false positives that I wanted to run by the big brains on this list.

One example is the word "exec" as in "marketing exec" which is getting filtered when it shouldn't be. The developer on our end in this case has noted that:

-----------------------------------------------------
"It currently detects "exec" or "execute" followed by a space character or URL encoded space character (%20). To reduce false positives, we will need to get a list of dangerous system stored procedures to use in the regular expression."
-----------------------------------------------------

I'm hoping that this kind of problem has already been solved and we don't have to re-create the wheel. Thoughts?

As always, thank you in advance for your help.

Nick

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:341011
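The behaviour described in the developer's note, next to the narrowing it proposes, as an added example that is not part of the original post and is not Portcullis code. Both patterns, the procedure list and the sample inputs are constructed for illustration, and Python is used only to make the comparison runnable.

```python
import re
from urllib.parse import unquote_plus

# The rule as the developer describes it: "exec" or "execute" followed by a
# space or a URL-encoded space. Constructed here, not copied from the filter.
BROAD = re.compile(r"exec(?:ute)?(?:\s|%20)", re.IGNORECASE)

# Assumed starter list of SQL Server system procedures; extend it for your
# own environment.
DANGEROUS_PROCS = (
    "xp_cmdshell", "xp_regread", "xp_regwrite",
    "sp_executesql", "sp_oacreate", "sp_oamethod", "sp_configure",
)

# Narrower rule: the keyword must be a whole word and must be followed by one
# of the listed procedures, optionally qualified (master..xp_cmdshell,
# master.dbo.xp_cmdshell).
NARROW = re.compile(
    r"\bexec(?:ute)?\s+(?:\w*\.)*(?:" + "|".join(DANGEROUS_PROCS) + r")\b",
    re.IGNORECASE,
)

def broad_hit(value):
    """True when the keyword-plus-space rule would flag the raw value."""
    return BROAD.search(value) is not None

def narrow_hit(value):
    """True when the keyword is followed by a listed procedure name."""
    # Decode first so %20 and + are treated as ordinary whitespace.
    return NARROW.search(unquote_plus(value)) is not None

# Constructed form-field values.
SAMPLES = [
    "Jane Doe, marketing exec at Acme",
    "Please execute the attached plan",
    "exec%20master..xp_cmdshell",
    "EXECUTE sp_executesql @stmt",
    "exec sp_who",  # not on the list: only the broad rule flags it
]

def compare(samples=SAMPLES):
    """Return (value, broad_result, narrow_result) for each sample."""
    return [(s, broad_hit(s), narrow_hit(s)) for s in samples]

if __name__ == "__main__":
    for value, broad, narrow in compare():
        print(f"broad={broad!s:5} narrow={narrow!s:5} {value}")
```

The last sample shows the trade-off: anything missing from the list passes the narrow rule, so a filter like this stays a second layer behind parameterised queries (`cfqueryparam` in ColdFusion).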

