canmove, Confirmed users
1,537
edits
Security/Features/XSS Filter: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 29: | Line 29: | ||
|Feature non-goals=* This feature will not stop persistent or injected XSS attacks (only reflected ones). | |Feature non-goals=* This feature will not stop persistent or injected XSS attacks (only reflected ones). | ||
* The filter will not be able to deal with complex string transformations employed by web applications. In this case, it will fail to recognize that the script was provided by an input parameter and allow it to run. | * The filter will not be able to deal with complex string transformations employed by web applications. In this case, it will fail to recognize that the script was provided by an input parameter and allow it to run. | ||
|Feature security review=[[Security/Reviews/xssfilter Initial Security Review]] | |||
}} | }} | ||
{{FeatureInfo | {{FeatureInfo | ||