[owasp-intrinsic-security] Fwd: Defending XSSAttachs-by Browsers

• Previous message: [owasp-intrinsic-security] Fwd: Defending XSS Attachs-by Browsers
• Next message: [owasp-intrinsic-security] Fwd: Defending XSSAttachs-by Browsers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Agree with you on mostly everything here. Just two things:
 
> Anti-Samy is great, but it again flies in the face of completely open HTML.
 
Can you elaborate? You can paste any kind of code into AntiSamy - dirty, broken fragmented HTML or clean code generated from a WYSIWYG.
 
> As I said, this is not a suggestion we as a group need to make.  It's already well understood by both FF and
> IE and has been since I first started talking about it with them 3-4 years ago. 
 
Even if they are aware of it, I think we should still recommend it (and the jail). This group is as much about implementing real life solutions to webappsec problems as it is drawing a line in the sand in a non-confrontational way. There is value in saying "Today, September 1st, OWASP is telling the world as a publicly recognized authority, these are the security technologies that will help protect consumers."
 
Cheers,
Arshan

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-intrinsic-security/attachments/20080902/b0d2e0d3/attachment.html 

• Previous message: [owasp-intrinsic-security] Fwd: Defending XSS Attachs-by Browsers
• Next message: [owasp-intrinsic-security] Fwd: Defending XSSAttachs-by Browsers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]