[Owasp-antisamy] escaped tags goes thru without getting removed

Serge Droganov sergei at droganov.ru
Wed Apr 15 15:44:12 EDT 2009


Hi there,
How can you be sure I've not saved explosiveAtomBombe.js as  
funnyBunny.jpg?

  Leave this to browser programmers ;-)

Thanks,
Serge

On Apr 15, 2009, at 11:27 PM, Girish wrote:

> any idea how to remove this type of URLs ? does policy file need to  
> be tuned ?
>
> <img src="http://aksdgjklasdjgkjasklgjkl.com/attack.js"/>
>
> thanks,
> Girish

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-antisamy/attachments/20090415/e3741364/attachment-0001.html 


More information about the Owasp-antisamy mailing list