Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: CSS -> ign.com
From: Steven Champeon <schampeo () hesketh com>
Date: Wed, 6 Feb 2002 21:54:55 -0500

on Tue, Feb 05, 2002 at 11:42:37AM +0100, Knud Erik Højgaard wrote:
To add to the late plethora of CSS bugs, ign.com has some too. 

Would this be the right place to beg that the industry adopt the saner
acronym "XSS" for "Cross site scripting", to distinguish between it and
CSS, which to a large number of netizens means "Cascading Style Sheets"?
Every time I see one of these reports, I think "how can there be a bug
in CSS? It's a W3C Recommendation, not a piece of software..."

Of course, the article I wrote on the subject back in April of 2000
for Webmonkey /still/ allows you to do things like this:

 http://hotwired.lycos.com/webmonkey/00/18/index3a.html
 http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=barney
 http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=has%20no
 http://hotwired.lycos.com/webmonkey/00/18/index3a_page2.html?tw=<script>alert("!");</script>

Sigh.

Steve

-- 
hesketh.com/inc. v: (919) 834-2552 f: (919) 834-2554 w: http://hesketh.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]