Bugtraq mailing list archives

Re: [WEB SECURITY] countermeasure against attacks through HTML shared files

From: fcorella () pomcor com
Date: Fri, 07 Nov 2008 17:38:29 +0000

Hi Adrian,

It would have been cool to mention Microsoft SharePoint as an example of
a popular file sharing system that allows persistent XSS through shared
HTML files. i.e.:


Thanks for pointing this out.  I didn't look at SharePoint, actually.  I did look at many others, and didn't find any 
that took any explicit precautions against XSS through shared files.  But I thought there was no need to mention any 
names in the paper.

Francisco

Current thread:

Re: [WEB SECURITY] countermeasure against attacks through HTML shared files fcorella (Nov 07)
- <Possible follow-ups>
- Re: [WEB SECURITY] countermeasure against attacks through HTML shared files fcorella (Nov 09)
- Re: [WEB SECURITY] countermeasure against attacks through HTML shared files fcorella (Nov 11)