Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Supported HTML tags error message
Message
 
À
17/04/2015 04:35:23
Al Doman (En ligne)
M3 Enterprises Inc.
North Vancouver, Colombie Britannique, Canada
Information générale
Forum:
Level Extreme
Catégorie:
Autre
Titre:
Re: Supported HTML tags error message
Divers
Thread ID:
01618573
Message ID:
01618609
Vues:
54
>How is that a problem here? Your previous message doesn't render with any active content...

I was just fixing this up. Actually looks like Michel has fixed a lot of them now (used to be able to get ANY tag to work just by putting spaces between the brackets)

But the following vulnerability still exists:

Click here for cross Site Scripting Exposure here

It'll pop up an alert box, but this can be used to get people to click and capture say your cookie here. But at least the drive-by XSS attacks look like they are addressed now.

+++ Rick ---
>
>>There are actually huge security holes here. You can pretty much add any attribute if you leave spaces between the brackets.
>>
>>< script >alert('Gotcha')< /script >
>>
>>test
>>
>>+++ Rick ---
>>
>>>If you try to preview or save a message with an unsupported HTML tag you get an error message. The message lists the tags that are supported, but that list is incomplete.
>>>
>>>For example, the Superscript tag is supported.
+++ Rick ---

West Wind Technologies
Maui, Hawaii

west-wind.com/
West Wind Message Board
Rick's Web Log
Markdown Monster
---
Making waves on the Web

Where do you want to surf today?
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform