[cryptography] How to safely produce web pages from multiple sources?

Kyle Creyts kyle.creyts at gmail.com
Wed Aug 29 02:26:27 EDT 2012


This makes me wonder about calculated styles... someone could still likely
deface your page
On Aug 28, 2012 11:11 PM, "James A. Donald" <jamesd at echeque.com> wrote:

> On 2012-08-29 12:10 PM, Natanael wrote:
>
>> Isn't the standard answer to always verify, verify, verify? Make sure
>> you only accept some types of data from Malloc and verify it *can't* do
>> strange crap. Also, read up on XSS prevention and all that.
>>
>
> In other words, Bob's server reads malloc's content, rejects everything
> that is not plain vanilla correct strict html without javascript, and if
> passes the test, incorporates it into its own web page.
>
> ______________________________**_________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/**mailman/listinfo/cryptography<http://lists.randombit.net/mailman/listinfo/cryptography>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20120828/e5ae039a/attachment.html>


More information about the cryptography mailing list