[Owasp-antisamy] is there an XSS risk with the target attribute on <a href>?

Eric Kreiser ekreiser at mzinga.com
Wed Aug 6 13:11:58 EDT 2008

Any thoughts on the subject???

Eric Kreiser wrote:
> all of the base policy files seem to scrub it out.
> what is the risk of allowing a target attribute?
> thanks in advance for any help you can give me
> Eric Kreiser
> _______________________________________________
> Owasp-antisamy mailing list
> Owasp-antisamy at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-antisamy


*Eric S. Kreiser**
*Senior Software Architect

*5095 Ritter Road . Mechanicsburg, PA  17055
*Call my office:* 717.458.9804
*Fax me:* 717.790.0401
*Email me:* ekreiser at mzinga.com <mailto:ekreiser at mzinga.com>
*Learn more:* http://mzinga.com/v/ekreiser/
*Toll Free:* 800.869.5763


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20080806/208690b9/attachment.html 

More information about the Owasp-antisamy mailing list