[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] xss filter to protect from xss attacks

From: "Lalit Patel" <lalitpatel@xxxxxxxxx>
Subject: Re: [WEB SECURITY] xss filter to protect from xss attacks
Date: Thu, 25 Jan 2007 22:59:58 +0530

Hi All,

Can the XSS problem (both avoiding and filtering) be minimized if we
accept only XHTML from the user? I mean if we create a custom DTD and
then validate the user input against that.

For example
If we allow only <b> (bold) or <i> (italic) tag, we may validate the
input against that DTD.

Regards,
Lalit Patel
--
http://www.lalit.org

---------------------------------------------------------------------------- The Web Security Mailing List: http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/ http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

References:
- [WEB SECURITY] xss filter to protect from xss attacks
  - From: Anurag Agarwal

Prev by Date: [WEB SECURITY] WEB2.0 Security Isuues
Next by Date: RE: [WEB SECURITY] img src , cant get it!
Previous by thread: Re: [WEB SECURITY] xss filter to protect from xss attacks
Next by thread: Re: [WEB SECURITY] xss filter to protect from xss attacks
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site