MozillaWiki

Security/Features/XSS Filter: Difference between revisions

Page Discussion

Security/Features/XSS Filter (view source)

Revision as of 20:48, 28 July 2011

1 byte removed ,  28 July 2011
no edit summary
No edit summary
No edit summary
Line 38: Line 38:
|Feature security health=OK
|Feature security health=OK
|Feature security notes=Needs a 2nd review meeting  
|Feature security notes=Needs a 2nd review meeting  
* [[/Security/Reviews/xssfilter|Notes]]
* [[Security/Reviews/xssfilter|Notes]]
}}
}}
*IE8 filter: based on regexps, it is basically a proxy (even though it lives in the browser process) that mangles scripts if they are deemed malicious. Sanitizing the attack through mangling is very dangerous, because it might affect the way the rest of the page is parsed. This made an attack possible on an earlier version of the filter.  
*IE8 filter: based on regexps, it is basically a proxy (even though it lives in the browser process) that mangles scripts if they are deemed malicious. Sanitizing the attack through mangling is very dangerous, because it might affect the way the rest of the page is parsed. This made an attack possible on an earlier version of the filter.  
Curtisk
canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/334450"