[Owasp-antisamy] is there an XSS risk with the target attribute on <a href>?

Eric Kreiser ekreiser at mzinga.com
Wed Aug 6 13:11:58 EDT 2008


Any thoughts on the subject???


Eric Kreiser wrote:
> all of the base policy files seem to scrub it out.
>
> what is the risk of allowing a target attribute?
>
> thanks in advance for any help you can give me
> Eric Kreiser
>
>
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy
>
>   

-- 

*Eric S. Kreiser**
*Senior Software Architect


*M**z**inga**
*5095 Ritter Road . Mechanicsburg, PA  17055
---------------------------------------------------
*Call my office:* 717.458.9804
*Fax me:* 717.790.0401
*Email me:* ekreiser at mzinga.com <mailto:ekreiser at mzinga.com>
*Learn more:* http://mzinga.com/v/ekreiser/
*Toll Free:* 800.869.5763

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20080806/208690b9/attachment.html 


More information about the Owasp-antisamy mailing list