
[WEB SECURITY] xss filter to protect from xss attacks




I have created an XSS filter to protect from XSS attacks. Though I have filtered only 8 characters, I was able to test it against all the attacks mentioned in RSnake's cheat sheet. AppScan was not able to detect any XSS attacks on it. I request the application security community to help test this filter. I am 90% sure that you won't be able to perform any XSS attack on it; the remaining 10% I will find out after the feedback from the community. For the curious mind, it is written in Java.

In case you are successful in performing an XSS attack, please reply to this email with your name, browser and the XSS attack string.

URL - http://www.attacklabs.com/xssfilter/

I appreciate your time and effort. Thanks a lot in advance.

Cheers,

Anurag Agarwal

SEEC - An application security search engine
Web: www.attacklabs.com , www.myappsecurity.com
Email : anurag.agarwal@yahoo.com
Blog : http://myappsecurity.blogspot.com



Brought to you by http://www.webappsec.org