[Owasp-antisamy] Can antisamy scrub more then html/css

Eric Kreiser ekreiser at mzinga.com
Fri Mar 20 09:00:34 EDT 2009

Previous message: [Owasp-antisamy] escaping tags
Next message: [Owasp-antisamy] Can antisamy scrub more then html/css
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

so a standard xss issue is if the user enters something which is not 
html... but when combined with html would be a vulnerability.  For 
instance 

x" onmouseover=alert(something)

does antisamy have a solution for this?

Thanks
Eric

Previous message: [Owasp-antisamy] escaping tags
Next message: [Owasp-antisamy] Can antisamy scrub more then html/css
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Owasp-antisamy mailing list