[Owasp-antisamy] Can antisamy scrub more then html/css

Eric Kreiser ekreiser at mzinga.com
Fri Mar 20 09:00:34 EDT 2009


so a standard xss issue is if the user enters something which is not 
html... but when combined with html would be a vulnerability.  For 
instance 

x" onmouseover=alert(something)

does antisamy have a solution for this?

Thanks
Eric


More information about the Owasp-antisamy mailing list