Sorry for the OT ness of this thread---
I spent the better part of the past 2 days trying to do a 1pass
content filtering on xss attacks-- including flash. breaking down
every piece of user input 2x wasn't nice on my server load.
I liked HTML::TagFilter, but it was making broken tags and I
On Oct 6, 2006, at 4:33 PM, Chris Shiflett wrote:
Jonathan Vanasco wrote:
can't a lot of this be locked down with http referrers?
Until July of this year, checking the Referer was thought to be a
pretty
good safeguard against CSRF, because an attacker would have to cause a
victim to send
Jonathan Vanasco wrote:
> > Unfortunately, Amit Klein published some research in July that
> > demonstrated how to do this with Flash. So, if your users use
> > clients that support Flash (which most do), this is not a good
> > safeguard.
>
> Do you have a link to that?
http://webappsec.org/lists
On Oct 6, 2006, at 4:33 PM, Chris Shiflett wrote:
Until July of this year, checking the Referer was thought to be a
pretty
good safeguard against CSRF, because an attacker would have to cause a
victim to send the right Referer, which isn't so easy.
Unfortunately, Amit Klein published some re
