What do you mean? Do you have an example of an XSS attack on Roller? I believe it's only possible if you allow HTML in comments. And even that is sanitized to only allow certain elements.

Matt

On Wed, Apr 30, 2008 at 1:23 AM, Nick Lothian <[EMAIL PROTECTED]> wrote:
> Is there a way to disable XSS attacks via the Roller blog entry form?
>
> Apparently later versions of xinha (the HTML editor) have an option to help
> with this, but Roller appears to be using a much earlier version.
>
> Has anyone looked at this?
>
> Nick

--
http://raibledesigns.com
