Bugtraq mailing list archives
Re: RE: Invision Vulnerabilities, including remote code execution
From: mattmecham () gmail com
Date: 10 Jul 2006 09:57:13 -0000
We have cleaned up much of the post parser in a recent security update which included removing the block of code that attempts to decode hex entities into HTML. Part of the problem is trying to balance a feature rich application against various browser bugs (of which IE is the worst culprit for rendering what should be considered safe HTML code) and programatically safe code.
Current thread:
- Re: RE: Invision Vulnerabilities, including remote code execution mattmecham (Jul 10)