karthik-rangarajan / owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

Filter Metacharacters #89

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. I am running an Acunetix scan on the Antisamy implemented code and it was reported that the script is vulnerable to XSS attacks. It has suggested that your script should filter meta characters.

What version of the product are you using? On what operating system?
antisamy1.4.1

Original issue reported on code.google.com by radhakri...@gmail.com on 13 Oct 2010 at 7:22

GoogleCodeExporter commented 9 years ago
The parameter used is %3C/xss/*-*/style=xss:e/**/xpression(alert(40541))%3E&

Original comment by radhakri...@gmail.com on 13 Oct 2010 at 12:05

GoogleCodeExporter commented 9 years ago

Original comment by arshan.d...@gmail.com on 15 Nov 2010 at 9:49