Hey Raindog, Dmitriy,

2010/10/25 Dmitriy Igrishin <[email protected]>:
> Hey,
>
> I remember some incident in Wt's chat (SimpleChatWidget) in August.
> I believe that XSS filter must be improved.

The XSS filter can be improved, but AFAIK, that someone was able to insert a rather large image in the simplechat does not qualify as an XSS (which would imply that someone is able to insert arbitrary JavaScript). The simplechat is definitely the easiest test-bed for XSS attacks: it depends entirely on the XSS filter: it allows a user to insert arbitrary XHTML and filters out active content before sending it around.

> 2010/10/25 Raindog <[email protected]>
>>
>> Hello,
>>
>> As a person working in the antivirus industry and a developer just
>> starting to use Wt, I am interested in how many security vulnerabilities
>> have been found/reported/fixed.

The only security vulnerability that we have dealt with was mentioned in the release notes for Wt 3.1.1 (February this year). It's a long stretch to conclude that Wt does not contain security problems, of course, but its structure prevents many common web-related security problems.

Regards,
koen
