[typo] XSS vulnerability?
rsanheim at gmail.com
Mon Dec 5 14:47:27 EST 2005
On 11/26/05, Micah Wylde <wyldeone at gmail.com> wrote:
> Both the blog at rubyonrails.org and the one at typogarden.org are also
> vulnerable to this (though their text filters also translate quotation marks
> into html entities.)
> On 11/26/05, Kevin Ballard <kevin at sb.org> wrote:
> > I just ran `rake' on my trunk and got no failures at all. And yet the
> > example XSS mostly works for me (it doesn't actually display an alert
> > because my textfilter translates " into an entity, but that can be
> > worked around).
> > On Nov 26, 2005, at 8:45 AM, Scott Laird wrote:
> > > Argh! It's supposed to be filtered. What happens when you run
> > > 'rake'? There are several XSS-related tests, do any tests fail?
> > --
> > Kevin Ballard
> > kevin at sb.org
> > http://www.tildesoft.com
> > http://kevin.sb.org
> > _______________________________________________
> > Typo-list mailing list
> > Typo-list at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/typo-list
> Micah Wylde
Was there ever a resolution to this?