kphill42 at gmail.com
Wed Apr 4 15:41:54 UTC 2012
Just doing a quick look around the web, would it be of any value to send
"X-XSS-Protection: 0;" in the header? It seems that it is supported by a
majority of the browsers and would provide a fix for those browsers that
try and stop the XSS from happening.
On Wed, Apr 4, 2012 at 11:27 AM, Konstantinos Papapanagiotou <
Konstantinos at owasp.org> wrote:
> 2012/4/2 kyle phillipeck <kphill42 at gmail.com>:
> > Hi Alex,
> > I would love to take a look into your regex and see if I could extend
> > and find a powerful solution that allowed for more flexibility in the
> > current challenges!
> > As for the inconsistencies between the front-end and different browsers,
> > do you think that submitting a list of things that don't appear right on the
> > live version to the Google Code repository would be an acceptable way to
> > bring them to everyone's attention?
> Absolutely. One of the ideas we have for GSOC is standardization of
> the challenges which includes interoperability issues between various
> You should bear in mind though that many modern browsers for example
> have built-in XSS-preventing features. Thus, for educational purposes
> we recommend either turning such features off or using other browsers.