in reply to Preventing Cross-site Scripting Attacks

I was certainly delighted to read the article. Often, I find a lot of interesting stuff at www.securityfocus.com.

It surprises how easy it is to fool HTML aware sites that lack proper protection/filtering mechanisms. I'm wondering, also, if perlmonks.com is 100% secure from those types of attacks. Let me test it right here by including <LINK REL=STYLESHEET TYPE="text/javascript" SRC=""> tag inside my post:

<LINK REL=STYLESHEET TYPE="text/javascript" SRC="">

I'm sure however this wouldn't work, since these posts are filtered and anything other than a set of accepted tags (such as readmore and common bracketed tags) is tossed away.

"There is no system but GNU, and Linux is one of its kernels." -- Confession of Faith
  • Comment on Re: Preventing Cross-site Scripting Attacks