Loading ...
Sorry, an error occurred while loading the content.

96Re: ADsafe, Take 6

Expand Messages
  • collin_jackson
    Oct 16, 2007
      <div x="\"><img onload=alert(42)

      --- In caplet@yahoogroups.com, "Douglas Crockford" <douglas@...>
      > The next step is to secure HTML fragments. JSLint has an HTML
      > option. When used with ADsafe, it will accept a <div> or <iframe>
      > its contents. It will be inspected for XSS attacks and other
      > The <div> may contain a <script> that will also be vetted and
      > The biggest open issue is policy on id's of HTML elements. I'll be
      > working with our ad system people to resolve that.
      > Safe HTML makes safe JS look easy. Really easy. Please let me know
      > what XSS attacks get passed.
      > http://www.JSLint.com/
    • Show all 30 messages in this topic