Re: CSS -> ign.com

From: Steven Champeon (schampeoat_private)
Date: Wed Feb 06 2002 - 18:54:55 PST

Next message: Chad Loder: "Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service"

Previous message: b0iler _: "Re: new advisory - (filtering problems)"
In reply to: Knud Erik Højgaard: "CSS -> ign.com"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

on Tue, Feb 05, 2002 at 11:42:37AM +0100, Knud Erik Højgaard wrote:
> To add to the late plethora of CSS bugs, ign.com has some too. 

Would this be the right place to beg that the industry adopt the saner
acronym "XSS" for "Cross site scripting", to distinguish between it and
CSS, which to a large number of netizens means "Cascading Style Sheets"?
Every time I see one of these reports, I think "how can there be a bug
in CSS? It's a W3C Recommendation, not a piece of software..."

Of course, the article I wrote on the subject back in April of 2000
for Webmonkey /still/ allows you to do things like this:

 http://hotwired.lycos.com/webmonkey/00/18/index3a.html
 http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=barney
 http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=has%20no
 http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=>alert("!");</script>

Sigh.

Steve

-- 
hesketh.com/inc. v: (919) 834-2552 f: (919) 834-2554 w: http://hesketh.com

Next message: Chad Loder: "Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service"
Previous message: b0iler _: "Re: new advisory - (filtering problems)"
In reply to: Knud Erik Højgaard: "CSS -> ign.com"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 07 2002 - 14:34:37 PST