Cross-Site Scripting Security

Post Reply
User avatar
Thunderstone
Site Admin
Posts: 2504
Joined: Wed Jun 07, 2000 6:20 pm

Cross-Site Scripting Security

Post by Thunderstone »



Webinator, as distributed, is not subject to that as it escapes all
displayed items.

It is possible for you, as the web site administrator, to modify the Webinator
scripts so as to make them unsafe or to write your own unsafe scripts.
Escapement is generally automatic, but care should be used when using
<fmt>, <send>, <spew> and any other function that sends raw data.



geoffrey.sanders
Posts: 1
Joined: Wed Nov 02, 2005 11:05 am

Cross-Site Scripting Security

Post by geoffrey.sanders »

We have the Thunderstone appliance that is updated with the latest patches, and we still seem to vulnerable to cross site scripting. Is there a fix for this?
User avatar
John
Site Admin
Posts: 2580
Joined: Mon Apr 24, 2000 3:18 pm
Location: Cleveland, OH
Contact:

Cross-Site Scripting Security

Post by John »

John Turnbull
Thunderstone Software
Post Reply