Bug#308282: [phpbb2 #308282] upstream patch

2005-05-11 Thijs Kinkhorst
On Tue, May 10, 2005 14:55, Ulf Harnhammar wrote: Protecting against this type of attack is much more complicated than this. As Jeroen noted, HTML entities are interpreted, so you have to protect against things like jav&#97;script:. Some browsers allow varying amounts of whitespace inside

Bug#308282: [phpbb2 #308282] upstream patch

2005-05-10 Ulf Harnhammar
(Sorry for not doing this as a real reply with the correct mail headers, but I'm not subscribed to debian-security, I only read it on the web.) | + $text = preg_replace('#(script|about|applet|activex|chrome):#is', \\1#058;, $text); It looks like this is about preventing URL's like img

Bug#308282: [phpbb2 #308282] upstream patch

2005-05-09 Alexis Sukrieh
tags 308282 + patch
thanks

Hello. According to the upstream forum, this security issue is resolved in 2.0.15. Find attached a diff made against 2.0.15 and our last sid version. It looks like this patch can be applied to close the bug. Regards. -- Alexis

Bug#308282: [phpbb2 #308282] upstream patch

2005-05-09 Jeroen van Wolffelaar
On Mon, May 09, 2005 at 12:11:06PM +0200, Alexis Sukrieh wrote: Find attached a diff made against 2.0.15 and our last sid version. | + $text = preg_replace('#(script|about|applet|activex|chrome):#is', \\1#058;, $text); It looks like this patch can be applied to close the bug. Ok, based
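
Review bot: the pattern in the added preg_replace line, '#(script|about|applet|activex|chrome):#is', only fires when one of the listed names is immediately followed by a literal colon, and nothing in this line decodes HTML entities or normalises whitespace before the match, so the rewrite depends entirely on the form the text happens to arrive in. A blocklist of scheme suffixes is also incomplete by construction. I would suggest decoding and normalising the URL first and then accepting only an explicit allowlist of schemes (for example http, https, ftp), rejecting everything else, with a short comment on the line stating which inputs it is meant to cover.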