[Zope-dev] New: Cross Site Scripting vulnerability

Chris Withers chrisw@nipltd.com
Sun, 23 Sep 2001 18:46:53 +0100


>         Hello message board. This is a message.
>                <SCRIPT>malicious code</SCRIPT>
>         This is the end of my message.

I don't really see your point other than a carelessly implemented app may
expose these kinds of vulnerabilities. Python (and hence Zope) has a library
for stripping out this sort of malicious HTML.

Search for Strip-o-Gram or Squishdot on Zope.org for examples of how this
can be used.

cheers,

Chris