[Webappsec] [WEB SECURITY] script inside .txt file

[Bubba Gump]

This might be a little wacky, but what do you think of this potential
solution:

Configure the web server to return "Content-Type: text/html" for all files
that end in .txt.  Then create a server module that HTML Encodes the
contents of all .txt files before delivering the content to the browser.

Would that work?

- Bubba
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.owasp.org/pipermail/webappsec/attachments/20070425/167f0965/attachment.html