httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: cross site scripting security issue headsup
Date Thu, 03 Feb 2000 00:32:45 GMT
Doh, thanks, fixed.

I thought about not putting the mod_perl specific one in there at all (ie.
just the CGI.pm one, and I had removed it, so the error probably came
about when I put it back in), but figured I should include it for some
reason.  Don't know what that reason is.  Oh well.

On Wed, 2 Feb 2000, Sander van Zoest wrote:

> On Wed, 2 Feb 2000, Marc Slemko wrote:
> 
> > http://www.apache.org/info/css-security/
> > http://www.cert.org/advisories/CA-2000-02.html
> 
> I think I have found a little typo/oversight in the mod_perl example on
> http://www.apache.org/info/css-security/encoding_examples.html
> 
> It uses escape_html rather then escape_uri on the href line, here is
> a tiny patch.
> 
> Cheers,
> 
> - 
> Sander van Zoest                                             sander@mp3.com   
> High Geek                                                    (858) 623-7442
> MP3.com, Inc.  						http://www.mp3.com/
>   See you at ApacheCon 2000 - Your premiere Music Service Provider (MSP) 
> 


Mime
View raw message