Re: [Full-Disclosure] [anti-XSS]about CERT/CC:malicious_code_mitigation
From: Dave Horsfall (dave_at_horsfall.org)
To: Full Disclosure List <firstname.lastname@example.org> Date: Tue, 10 Aug 2004 16:46:24 +1000 (EST)
On Mon, 9 Aug 2004, dd wrote:
> > The *important* part is that you're *not* using 's/[list-of-known-bad]//g',
> > but that you use 's/[^list-of-known-good]//g'. Making the known-good list
> > for each field is the programmer's problem.
> PS- I assume it wasn't really your intent to remove the good chars... <grin>
That is not what he wrote above.
Full-Disclosure - We believe in it.