[Owasp-hackademic-challenges] GSoC2012

kyle phillipeck kphill42 at gmail.com
Wed Apr 4 15:41:54 UTC 2012


Just doing a quick look around the web, would it be of any value to send
"X-XSS-Protection: 0;" in the header?  It seems that it is supported by a
majority of the browsers and would provide a fix for those browsers that
try and stop the XSS from happening.

Kyle

On Wed, Apr 4, 2012 at 11:27 AM, Konstantinos Papapanagiotou <Konstantinos at owasp.org> wrote:

> 2012/4/2 kyle phillipeck <kphill42 at gmail.com>:
> > Hi Alex,
> >
> > I would love to take a look into your regex and see if I could extend them
> > and find a powerful solution that allowed for more flexibility in the
> > current challenges!
> >
> > As for the inconsistencies between the front-end and different browsers, do
> > you think that submitting a list of things that don't appear right on the
> > live version to the Google Code repository would be an acceptable way to
> > bring them to everyone's attention?
>
> Absolutely. One of the ideas we have for GSOC is standardization of
> the challenges which includes interoperability issues between various
> browsers.
> You should bear in mind though that many modern browsers for example
> have built-in XSS-preventing features. Thus, for educational purposes
> we recommend either turning such features off or using other browsers.
>
> Kostas
>