Hey Koen,

2010/10/25 Koen Deforche <[email protected]>

> Hey Raindog, Dmitriy,
>
> 2010/10/25 Dmitriy Igrishin <[email protected]>:
> > Hey,
> >
> > I remember some incident in Wt's chat (SimpleChatWidget) in August.
> > I believe that XSS filter must be improved.
>
> The XSS filter can be improved, but AFAIK, that someone was able to
> insert a rather large image in the simplechat does not qualify as an
> XSS (which would imply that someone is able to insert arbitrary
> JavaScript).
>
Yep, it was a really huge image :-) But, you are right indeed, it wasn't an
XSS attack.


>
> The simplechat is definitely the easiest test-bed for XSS attacks: it
> depends entirely on the XSS filter: it allows a user to insert
> arbitrary XHTML and filters out active content before sending it
> around.
>
> > 2010/10/25 Raindog <[email protected]>
> >>
> >> Hello,
> >>
> >> As a person working in the antivirus industry and a developer just
> >> starting to use Wt, I am interested in how many security vulnerabilities
> >> have been found/reported/fixed.
>
> The only security vulnerability that we have dealt with, was mentioned
> in the release notes for Wt 3.1.1 (February this year).
>
> It's a long stretch to conclude that Wt does not contain security
> problems, of course, but its structure prevents many common
> web-related security problems.
>
That's great! :-)

>
> Regards,
> koen



-- 
// Dmitriy.
_______________________________________________
witty-interest mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/witty-interest
