[RCD] [RCU] Vulnerability in Roundcube
benignbala at gmail.com
Thu Dec 13 13:10:13 CET 2007
On Dec 13, 2007 5:30 PM, Robin Elfrink <elfrink at introweb.nl> wrote:
> I have here a quick hacked-up patch for the IE CSS XSS vulnerability.
> Partly stolen from Squirrelmail.
From what i know about XSS, i think this is what is asked in this RFE
And as suggested, i think using htmlpurifier or such stuff is
better. But if this squirrelmail hacked code works fine here as well,
then no issues. But i thought why to reinvent the wheel?
Please correct me if i am wrong.
Arise Awake and stop not till the goal is reached
Learn to live.................Live to learn
Mail: benignbala at gmail.com
List info: http://lists.roundcube.net/dev/
More information about the Dev