Full Disclosure mailing list archives
Re: [anti-XSS]about CERT/CC:malicious_code_mitigation
From: Dave Horsfall <dave () horsfall org>
Date: Tue, 10 Aug 2004 16:46:24 +1000 (EST)
On Mon, 9 Aug 2004, dd wrote:
The *important* part is that you're *not* using 's/[list-of-known-bad]//g', but that you use 's/[^list-of-known-good]//g'. Making the known-good list for each field is the programmer's problem.[...] PS- I assume it wasn't really your intent to remove the good chars... <grin>
That is not what he wrote above. -- Dave _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [anti-XSS]about CERT/CC:malicious_code_mitigation bitlance winter (Aug 07)
- Re: [anti-XSS]about CERT/CC:malicious_code_mitigation Valdis . Kletnieks (Aug 09)
- Re: [anti-XSS]about CERT/CC:malicious_code_mitigation dd (Aug 09)
- Re: [anti-XSS]about CERT/CC:malicious_code_mitigation Valdis . Kletnieks (Aug 09)
- Re: [anti-XSS]about CERT/CC:malicious_code_mitigation dd (Aug 09)
- Re: [anti-XSS]about CERT/CC:malicious_code_mitigation Dave Horsfall (Aug 10)
- Re: [anti-XSS]about CERT/CC:malicious_code_mitigation Valdis . Kletnieks (Aug 10)
- Re: [anti-XSS]about CERT/CC:malicious_code_mitigation dd (Aug 09)
- Re: [anti-XSS]about CERT/CC:malicious_code_mitigation Valdis . Kletnieks (Aug 09)
- <Possible follow-ups>
- Re: [anti-XSS]about CERT/CC:malicious_code_mitigation auto269562 (Aug 10)