Bugtraq mailing list archives

Re: RE: Invision Vulnerabilities, including remote code execution
From: mattmecham () gmail com
Date: 10 Jul 2006 09:57:13 -0000

We have cleaned up much of the post parser in a recent security update which included removing the block of code that attempts to decode hex entities into HTML.

Part of the problem is trying to balance a feature-rich application against various browser bugs (of which IE is the worst culprit for rendering what should be considered safe HTML code) and programmatically safe code.

