- Jan 14, 2004--- In firstname.lastname@example.org, "Bradford L. Barrett" <brad@m...>
>I suppose I don't really understand what cross-site scripting means.
> > Thanks. This works. I do have access control for who can read the
> > reports.
> Access control does not prevent cross-site scripting :(
The change to isurlchar() is ony to webalizer, nothing is changed on
the Apache server side.
You mentioned something about someone sending bogus query string to
make to the top 20. let us further assume someone else get to see
the report Webalizer makes. He sees that the URL with the bogus
query string. What then?
Thanks for helping out.
- << Previous post in topic Next post in topic >>