2006 May 11
3
sanitize dangers
I've noticed that it is possible to pass javascript unaltered through the sanitize function using CSS. For example: sanitize( "<style type='text/css'>body{background-image:url('javascript:window.alert(1)') }</style>" ) IE will execute the javascript. Firefox will not. I haven't tried it with any other browsers.