[Esapi-user] CSRF +Character Reference Set + Linux

Craig Younkins craig.younkins at owasp.org
Tue Jul 27 09:56:43 EDT 2010


CSRF has nothing to do with character encodings, so I think you're talking
about the XSS codecs.

What text are you sending through the encoder to get the referenced output?
Where is &#160; coming from?

If you are outputting HTML you should not have "<?xml version="1.0"
encoding="UTF-8"?>" but rather a doctype. See [1].

Craig Younkins

[1] http://www.w3schools.com/tags/tag_DOCTYPE.asp

On Mon, Jul 26, 2010 at 6:40 PM, Kesavanarayanan, Ramesh <
Ramesh.Kesavanarayanan at pearson.com> wrote:

>  The issue seems to happen only on Linux boxes
>
> Sample HTML
>
> *<b>&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;The bread-slicing
> machine has been celebrated as a great invention.</b>*
>
> Needs to display the character set &#160; AS tab (SPACE) but it
> displays as JUNK characters.
>
> I indeed have <?xml version="1.0" encoding="UTF-8"?> in the HTML files.
>
> Is there a reason why CSRF does display as junk characters when we have
> character entry set more than 100?
>
> Regards | Ramesh Kesavanarayanan | 319-354-9200 ext 215785 /
> 215972 (O) | 319-621-7641 (M) |
> ramesh.kesavanarayanan at pearson.com
>