WebApp Sec mailing list archives

Mozilla Phoenix Prevents XSS?


From: securityarchitect () hush com
Date: Mon, 11 Nov 2002 09:57:11 -0800


There has been a lot of discussion recently about ways to prevent XSS client-side, and it seems MS have made some HTML 
extensions to mark frames safe from scripting a while back in IE. This got me thinking that, given the browser runs a 
known JavaScript interpreter, it would seem sensible to intercept certain function calls and prevent them from running. 
Sure enough, on investigation the Mozilla Phoenix browser does exactly this. There is a setting that you can enable that 
prevents JavaScript from reading cookies.

Has anyone tested it? Seems like a great idea.

PS I see the OWASP filters project have some Java code in the CVS for preventing XSS at the server-side. Anyone know 
when it will be finished and when other languages will be available?




