>>>>> "SC" == Steven Champeon <[EMAIL PROTECTED]> writes:

SC> developers and designers) for Webmonkey:
SC> http://hotwired.lycos.com/webmonkey/00/18/index3a.html

SC> If you want to see what sort of stuff the XSS problem opens you up for,
SC> just try appending ?tw=<script>alert("aha!");</script> to the URL above.

Why on earth would you take user input and output it verbatim to your
pages? Rule number 1 of developing a web site is to never trust the
user's input values. *Always* validate it against what you're expecting.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: [EMAIL PROTECTED]       Rockville, MD       +1-301-545-6996
PGP & MIME spoken here            http://www.kciLink.com/home/khera/
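The two behaviours discussed in the thread side by side, as an added example that is not part of the original message: a handler that echoes the `tw` query parameter verbatim (the reflected-XSS pattern Steven demonstrates) next to one that applies Vivek's rule, validating `tw` against the values the page expects and HTML-escaping anything it echoes. The sample URL, the allow-list of expected `tw` values and the host name are constructed assumptions; the thread does not give the Webmonkey page's real parameter values.

```python
import html
from urllib.parse import unquote_plus, urlsplit

# Constructed sample: the URL from the thread with the script payload in "tw".
SAMPLE_URL = 'http://example.invalid/index3a.html?tw=<script>alert("aha!");</script>'

# Assumed allow-list of values the page expects for "tw" (hypothetical).
ALLOWED_TW = {"html", "css", "perl"}


def tw_param(url: str) -> str:
    """Return the first 'tw' value from the URL's query string ('' if absent).

    Parsed by hand (split on '&' only) so a ';' inside the value is kept,
    which older urllib.parse.parse_qs versions would treat as a separator.
    """
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == "tw":
            return unquote_plus(value)
    return ""


def render_unsafe(url: str) -> str:
    """The pattern Vivek objects to: user input written into the page as-is."""
    return f"<p>Topic: {tw_param(url)}</p>"


def render_escaped(url: str) -> str:
    """Output encoding only: '<', '>', '&' and quotes become entities, so the
    browser renders the payload as text instead of executing it."""
    return f"<p>Topic: {html.escape(tw_param(url), quote=True)}</p>"


def render_validated(url: str) -> str:
    """Vivek's rule: check the input against what is expected before use, and
    still escape it on output; anything outside the allow-list is not echoed."""
    tw = tw_param(url)
    if tw not in ALLOWED_TW:
        return "<p>Topic: unknown</p>"
    return f"<p>Topic: {html.escape(tw, quote=True)}</p>"
```

Validation and escaping are complementary: the allow-list rejects unexpected input outright, while escaping protects any value that legitimately has to be reflected.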