[Owasp-antisamy] How Filter UTF Character Using Antisamy

Karel, Hitesh Hitesh.Karel at fiserv.com
Thu Jan 28 08:47:38 EST 2010


Hi Arshan /Jason,

I am using the AntiSamy tool to filter XSS attacks. But just recently I have found that AntiSamy is unable to filter UTF characters.
e.g.
string could be msg=xx%3C%3Cg%3Eiframe%20src%20%3dhttp://www.google.com%20width=%22100%%22%20height=%22300%22%3Ea%3C%3Cg%3E/iframe%3E
which is the same as msg=<iframe src=http://www.google.com  width="" height=""></iframe> and

Hitesh Karel
Software Engineer
Global Services
(Desk)-020-4101-4606
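
Added example, not part of the original post and not AntiSamy code: percent-decoding the posted value to a stable form before an HTML filter sees it, so the filter inspects the markup that is hidden in the encoded form. The function names, the three-round limit and the set of markup characters are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Parameter value from the post above, still percent-encoded.
RAW = ("xx%3C%3Cg%3Eiframe%20src%20%3dhttp://www.google.com%20"
       "width=%22100%%22%20height=%22300%22%3Ea%3C%3Cg%3E/iframe%3E")

MAX_ROUNDS = 3  # assumption: deeper nesting than this is rejected
ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")   # a well-formed percent escape
MARKUP = re.compile(r"[<>\"']")           # characters an HTML filter cares about


def canonicalize(value, max_rounds=MAX_ROUNDS):
    """Percent-decode until no well-formed escape is left.

    Returns (decoded, rounds). A malformed escape such as the "%%22" in
    the sample is kept as a literal "%" by unquote() instead of raising.
    Raises ValueError if escapes remain after max_rounds, or if the
    decoded bytes are not valid UTF-8 (UnicodeDecodeError is a ValueError).
    """
    rounds = 0
    while ESCAPE.search(value):
        if rounds == max_rounds:
            raise ValueError("still encoded after %d rounds" % max_rounds)
        value = unquote(value, encoding="utf-8", errors="strict")
        rounds += 1
    return value, rounds


def review(raw):
    """Report what a filter misses when it is given only the raw value."""
    decoded, rounds = canonicalize(raw)
    hidden = sorted(set(MARKUP.findall(decoded)) - set(MARKUP.findall(raw)))
    return {"decoded": decoded, "rounds": rounds, "hidden_markup": hidden}


if __name__ == "__main__":
    report = review(RAW)
    print("rounds of encoding:", report["rounds"])
    print("markup only visible after decoding:", report["hidden_markup"])
    print("value the HTML filter should be given:")
    print(report["decoded"])
```

A caller can treat `rounds > 1` as suspicious on its own, since ordinary form submissions are encoded once; the `decoded` value is what the HTML filter should receive.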
