[typo] XSS vulnerability?
wyldeone at gmail.com
Sat Nov 26 19:48:08 EST 2005
Both the blog at rubyonrails.org and the one at typogarden.org are also
vulnerable to this (though their text filters also translate quotation marks
into HTML entities).
On 11/26/05, Kevin Ballard <kevin at sb.org> wrote:
> I just ran `rake' on my trunk and got no failures at all. And yet the
> example XSS mostly works for me (it doesn't actually display an alert
> because my textfilter translates " into an entity, but that can be
> worked around).
> On Nov 26, 2005, at 8:45 AM, Scott Laird wrote:
> > Argh! It's supposed to be filtered. What happens when you run
> > 'rake'? There are several XSS-related tests; do any tests fail?
> Kevin Ballard
> kevin at sb.org
> Typo-list mailing list
> Typo-list at rubyforge.org
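The thread's point is that a text filter which only turns " into an entity can be worked around. As an added example (not Typo's code, and not the example XSS the posters refer to), here is a Ruby script with a hypothetical quote-only filter beside a full HTML escape, run over constructed payloads; two of the payloads contain no double quote at all, so the quote-only filter passes them through unchanged:

```ruby
require 'cgi'

# Hypothetical stand-in for a text filter that entity-encodes only the
# double quote (an assumption; this is not Typo's filter).
def quote_only_filter(text)
  text.gsub('"', '&quot;')
end

# Full escape of the characters that matter to the HTML parser:
# & < > " and ' (CGI.escapeHTML from the Ruby standard library).
def escape_html(text)
  CGI.escapeHTML(text)
end

# Crude detector, not a sanitizer: does the output still contain a <script>
# start tag or any element carrying an on* event-handler attribute?
def executable_markup?(html)
  !!(html =~ /<script\b/i || html =~ /<\w+[^>]*\son\w+\s*=/i)
end

# Constructed payloads. Only the first one depends on double quotes; the
# other two contain none, so a quote-only filter leaves them untouched.
PAYLOADS = {
  quoted:   '<img src="x" onerror="alert(1)">',
  unquoted: '<img src=x onerror=alert(1)>',
  script:   '<script>alert(1)</script>'
}.freeze

# Run every payload through a filter and report which ones still carry
# script-capable markup afterwards.
def survivors(filter)
  PAYLOADS.each_with_object({}) do |(name, payload), out|
    out[name] = executable_markup?(filter.call(payload))
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "quote-only filter: #{survivors(method(:quote_only_filter))}"
  puts "full HTML escape:  #{survivors(method(:escape_html))}"
end
```

With the quote-only filter all three payloads keep their tag and handler attribute (the detector flags the attribute being present, not whether a given browser fires an alert from it); with the full escape none of them survive, because the leading < itself becomes &lt; and no element is created at all.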