WebApp Sec mailing list archives
Mozilla Phoenix Prevents XSS?
From: securityarchitect () hush com
Date: Mon, 11 Nov 2002 09:57:11 -0800
There has been a lot of discussion recently about ways to prevent XSS client-side, and it seems MS made some HTML extensions to mark frames safe from scripting a while back in IE.

This got me thinking that, given the browser runs a known JavaScript interpreter, it would seem sensible to intercept certain function calls and prevent them from running. Sure enough, on investigation, the Mozilla Phoenix browser does exactly this. There is a setting that you can enable that prevents JavaScript from reading cookies. Has anyone tested it? Seems like a great idea.

PS: I see the OWASP filters project has some Java code in the CVS for preventing XSS at the server side. Anyone know when it will be finished and when other languages will be available?