[10815] in bugtraq


Re: Netscape Communicator JavaScript in security

daemon@ATHENA.MIT.EDU (John D. Hardin)
Mon Jun 14 13:40:09 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.3.96.990612225456.8589C-100000@gypsy.rubyriver.com>
Date: Sat, 12 Jun 1999 22:58:26 -0700
Reply-To: "John D. Hardin" <jhardin@WOLFENET.COM>
From: "John D. Hardin" <jhardin@WOLFENET.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990527111224.F29262@underground.org>

On Thu, 27 May 1999, Aleph One wrote:

> That doesn't really cut it. You can embed JavaScript into things
> like onClick, onLoad, etc. You need to kill all those as well.

Thanks for pointing that out. I've updated the sanitizer to defang the
event handlers explicitly, which saves blocking the <BODY> and <TITLE>
tags themselves, and also protects links.

The current release of the sanitizer is 1.84 and it is available at
ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html

--
John Hardin KA7OHZ jhardin@wolfenet.com
pgpk -a finger://gonzo.wolfenet.com/jhardin
PGP key ID: 0x41EA94F5
PGP key fingerprint: A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
-----------------------------------------------------------------------
Efficiency can magnify good, but it magnifies evil just as well. So,
we should not be surprised to find that modern electronic
communication magnifies stupidity as *efficiently* as it magnifies
intelligence.
  -- Robert A. Matern
-----------------------------------------------------------------------
89 days until 9/9/99
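
An illustration of the defanging idea described in the message above, added here and not taken from the post or from the procmail sanitizer itself: a Python filter that renames on* event-handler attributes inside tags so a mail client no longer treats them as script. The DEFANGED- prefix, the function names and the sample HTML are assumptions made for this example.

```python
import re

# Hypothetical marker: any prefix that stops the client from recognising
# the attribute as an event handler would serve.
PREFIX = "DEFANGED-"

# One whole start tag, allowing '>' to appear inside quoted attribute values.
TAG = re.compile(r"""<[A-Za-z](?:[^>"']|"[^"]*"|'[^']*')*>""")

# Inside a tag: either a quoted value (group 1, kept unchanged) or an on*
# attribute name followed by '=' (group 2). The lookbehind accepts
# whitespace, '/', or a closing quote, all of which browsers treat as
# separators before an attribute name.
PART = re.compile(
    r"""("[^"]*"|'[^']*')|(?<=[\s/"'])(on[a-z]+)(?=\s*=)""",
    re.IGNORECASE,
)


def _defang_tag(match):
    def fix(part):
        if part.group(1) is not None:
            return part.group(1)          # quoted value: leave as is
        return PREFIX + part.group(2)     # handler name: rename it
    return PART.sub(fix, match.group(0))


def defang_event_handlers(html):
    """Rename on* attributes in every start tag; text outside tags is untouched."""
    return TAG.sub(_defang_tag, html)


# Constructed sample message body, not taken from the post.
SAMPLE = (
    '<BODY onLoad="window.open(\'http://example.invalid/\')">\n'
    '<A HREF="http://example.invalid/?a=1>2" onMouseOver = "x()">link</A>\n'
    '<IMG SRC="a.gif" ALT="onclick=1" ONERROR=y()>\n'
    '<P>Set onclick= in the form below.</P>\n'
)

if __name__ == "__main__":
    print(defang_event_handlers(SAMPLE))
```

Renaming handlers this way is a deny-list measure: script elements and javascript: URLs are outside what this block covers.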