• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Help from security gurus?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Help from security gurus?


  • Subject: Help from security gurus?
  • From: Mai Nguyen <email@hidden>
  • Date: Fri, 12 Aug 2011 16:57:20 -0700

Hello,
I am really baffled at how someone can insert a <A target> link into the following WebObjects page:
.....
<td> &amp;#x5b;Enter brief description of issue&amp;#x28;s&amp;#x29;&amp;#x5d;
                <br/>
                 <a href="" >Show Summary</a> 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<A target="[Enter brief description of issue(s)]" href="">Show Details</A>
                </td>
......
All input fields are verified and sanitized.

Could someone inject this <A> link from the above _javascript_?

Many thanks for your advice,

-mai
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

  • Follow-Ups:
    • Re: Help from security gurus?
      • From: Chuck Hill <email@hidden>
  • Prev by Date: Re: Ad-hoc reporting tool?
  • Next by Date: Jars in frameworks and Eclipse
  • Previous by thread: Re: [RESOLVED] AjaxObserveField weirdness (empty response from server)
  • Next by thread: Re: Help from security gurus?
  • Index(es):
    • Date
    • Thread