Displaying 1 result from an estimated 1 matches for "bsterne".
2009 Jun 04
XSS (was Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....)
> ...ally, it is easy for an autobot
> to find them all and zero day your forums, xss your whatever, and so on.
>
> Dang scary to leave JS on at all....even though you basically have to.
Mozilla is beginning to address this issue with Content Security Policy
-=-
http://people.mozilla.org/~bsterne/content-security-policy/
-=-
CSP will require pro-active webmasters who use it and browsers that
enforce the client side enforcement, but it's a step in the right direction.
I wrote a PHP class that partially implements CSP server side as an
output filter
-=-
http://www.clfsrpm.net/xss/
-=...