2006 May 11
sanitize dangers
I've noticed that it is possible to pass javascript unaltered through
the sanitize function using CSS. For example:
sanitize( "<style type='text/css'>body{background-image:url('javascript:window.alert(1)')}</style>" )
IE will execute the javascript. Firefox will not. I haven't tried it
with any other browsers.
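As an added example (not code from the original post, nor from Rails' sanitize), a small defensive post-filter in plain Ruby that shows the two controls this finding calls for: drop style elements outright, and flag script-scheme url() values in any CSS that is kept (such as style attributes). The fragment in it is the one from the post; the function names and the other sample inputs are constructed.

```ruby
# Added example (not from the original post or from Rails): a minimal
# defensive post-filter using only Ruby's standard library. It strips
# <style> elements entirely and, for any CSS that is kept, reports url()
# values whose scheme, read the way a browser reads it, is a script scheme.

# A complete <style ...>...</style> element, case-insensitive, spanning lines.
STYLE_ELEMENT = %r{<style\b[^>]*>.*?</style\s*>}im
# A CSS url(...) token with an optional matching quote around its value.
CSS_URL = /url\(\s*(['"]?)(.*?)\1\s*\)/im
SCRIPT_SCHEMES = %w[javascript vbscript].freeze

# Safe default: remove every <style> element instead of trying to
# sanitise its contents.
def strip_style_elements(html)
  html.gsub(STYLE_ELEMENT, '')
end

# Return the scheme of a CSS url() value as a browser would read it:
# CSS backslash escapes are decoded and whitespace/control characters
# are dropped before the "scheme:" prefix is examined. Returns nil when
# the value has no scheme (e.g. a relative path).
def css_url_scheme(value)
  decoded = value.gsub(/\\([0-9a-f]{1,6})\s?/i) { [$1.hex].pack('U') }
  decoded = decoded.gsub(/\\(.)/, '\1')
  decoded = decoded.gsub(/[\s[:cntrl:]]/, '')
  m = decoded.match(/\A([a-z][a-z0-9+.\-]*):/i)
  m && m[1].downcase
end

# Raw url() values in a CSS string whose scheme is a script scheme,
# so a sanitizer can reject the whole declaration or log the attempt.
def unsafe_css_urls(css)
  css.scan(CSS_URL)
     .map { |_quote, value| value }
     .select { |value| SCRIPT_SCHEMES.include?(css_url_scheme(value)) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: the fragment quoted in the post above.
  fragment = "<style type='text/css'>body{background-image:url('javascript:window.alert(1)')}</style>"
  puts strip_style_elements(fragment).inspect   # => ""
  puts unsafe_css_urls("body{background-image:url('javascript:window.alert(1)')}").inspect
  # => ["javascript:window.alert(1)"]
end
```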