96 Re: ADsafe, Take 6
- Oct 16, 2007
<div x="\"><img onload=alert(42)
--- In email@example.com, "Douglas Crockford" <douglas@...>
> The next step is to secure HTML fragments. JSLint has an HTML
> option. When used with ADsafe, it will accept a <div> or <iframe> and
> its contents. It will be inspected for XSS attacks and other worries.
> The <div> may contain a <script> that will also be vetted and
> The biggest open issue is policy on id's of HTML elements. I'll be
> working with our ad system people to resolve that.
> Safe HTML makes safe JS look easy. Really easy. Please let me know
> what XSS attacks get passed.
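
Added example, not part of the original post and not JSLint's code: a small start-tag scanner run on the fragment posted above, once under HTML's quoting rules (a backslash is an ordinary character inside a quoted attribute value) and once treating \" as an escaped quote. How JSLint actually tokenized the fragment is not stated in the post; scanTags, vet and backslashEscapes are hypothetical names.

```javascript
// Added example. backslashEscapes=false follows HTML quoting rules;
// true models a checker that reads \" as an escaped quote (an assumption).
function scanTags(html, backslashEscapes = false) {
  const tags = [];
  const n = html.length;
  let i = 0;
  while ((i = html.indexOf('<', i)) !== -1) {
    const m = /^<([a-z][a-z0-9]*)/i.exec(html.slice(i));
    if (!m) { i += 1; continue; }
    const tag = { name: m[1].toLowerCase(), attrs: [], closed: false };
    i += m[0].length;
    while (i < n) {
      while (i < n && /[\s\/]/.test(html[i])) i += 1;
      if (i >= n) break;
      if (html[i] === '>') { tag.closed = true; i += 1; break; }
      const start = i;
      do { i += 1; } while (i < n && !/[\s\/>=]/.test(html[i]));
      const attr = { name: html.slice(start, i).toLowerCase(), value: '' };
      while (i < n && /\s/.test(html[i])) i += 1;
      if (html[i] === '=') {
        i += 1;
        while (i < n && /\s/.test(html[i])) i += 1;
        const q = html[i];
        if (q === '"' || q === "'") {
          let j = i + 1; // scan for the closing quote
          while (j < n && html[j] !== q) j += (backslashEscapes && html[j] === '\\') ? 2 : 1;
          attr.value = html.slice(i + 1, j);
          i = Math.min(j + 1, n);
        } else { // unquoted value ends at whitespace or '>'
          attr.value = /^[^\s>]*/.exec(html.slice(i))[0];
          i += attr.value.length;
        }
      }
      tag.attrs.push(attr);
    }
    tags.push(tag);
  }
  return tags;
}
// Findings a vetter should raise: event-handler attributes and tags left open.
function vet(html, backslashEscapes = false) {
  const findings = [];
  for (const t of scanTags(html, backslashEscapes)) {
    for (const a of t.attrs) if (a.name.startsWith('on')) findings.push(`${t.name}: ${a.name}`);
    if (!t.closed) findings.push(`${t.name}: unterminated tag`);
  }
  return findings;
}
const FRAGMENT = '<div x="\\"><img onload=alert(42)'; // the fragment from the post
```

Under HTML's rules vet(FRAGMENT) reports the onload attribute on the img tag; with backslashEscapes set it sees only an unterminated div, so a checker has to tokenize attribute values the way the browser does.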