Re: [Full-Disclosure] [anti-XSS]about CERT/CC:malicious_code_mitigation

From: Dave Horsfall (dave_at_horsfall.org)
Date: 08/10/04

Next message: advisories: "[Full-Disclosure] Corsaire Security Advisory - Port80 Software ServerMask inconsistencies"

Previous message: Patrik Torin: "[Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1826 - 23 msgs"
In reply to: dd: "Re: [Full-Disclosure] [anti-XSS]about CERT/CC:malicious_code_mitigation"
Next in thread: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] [anti-XSS]about CERT/CC:malicious_code_mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Full Disclosure List <full-disclosure@lists.netsys.com>
Date: Tue, 10 Aug 2004 16:46:24 +1000 (EST)

On Mon, 9 Aug 2004, dd wrote:

> > The *important* part is that you're *not* using 's/[list-of-known-bad]//g',
> > but that you use 's/[^list-of-known-good]//g'. Making the known-good list
> > for each field is the programmer's problem.
>
> [...]
>
> PS- I assume it wasn't really your intent to remove the good chars... <grin>

That is not what he wrote above.

-- Dave

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: advisories: "[Full-Disclosure] Corsaire Security Advisory - Port80 Software ServerMask inconsistencies"

Previous message: Patrik Torin: "[Full-Disclosure] RE: Full-Disclosure digest, Vol 1 #1826 - 23 msgs"
In reply to: dd: "Re: [Full-Disclosure] [anti-XSS]about CERT/CC:malicious_code_mitigation"
Next in thread: Valdis.Kletnieks_at_vt.edu: "Re: [Full-Disclosure] [anti-XSS]about CERT/CC:malicious_code_mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]