[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability
- From: BlackHawk <hawkgotyou@xxxxxxxxx>
- Date: Thu, 17 Jan 2008 21:12:03 +0100
> ======
> 4) Fix
> ======
> Notepad should be rewritten to filter potentially dangerous
> characters. Characters can be converted to their html encoded
> equivalents.
translated: you CAN'T write pages in HTML with any program..
>Fredrick Diggle Security Services is probably the best application
>security researchers on the scene this month. They have identified
>several hundred thousand vulnerabilities this week[..]
i think you must read this:
http://www.amazon.com/PCs-Dummies-Quick-Reference-Gookin/dp/0764507222
--
Best regards,
BlackHawk mailto:hawkgotyou@xxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/