[RCD] [RCU] Vulnerability in Roundcube

Balachandran Sivakumar benignbala at gmail.com
Thu Dec 13 13:10:13 CET 2007


On Dec 13, 2007 5:30 PM, Robin Elfrink <elfrink at introweb.nl> wrote:
>
> I have here a quick hacked-up patch for the IE CSS XSS vulnerability.
> Partly stolen from Squirrelmail.

      From what i know about XSS, i think this is what is asked in this RFE
http://trac.roundcube.net/ticket/1484584

    And as suggested, i think using htmlpurifier or such stuff is
better. But if this squirrelmail hacked code works fine here as well,
then no issues. But i thought why to reinvent the wheel?

Please correct me if i am wrong.
-- 
                     Thank you
Balachandran Sivakumar
(benignbala)

Arise Awake and stop not till the goal is reached

        Learn to live.................Live to learn

Mail: benignbala at gmail.com
Blog: http://benignbala.wordpress.com/
Site:http://benignbala.googlepages.com
_______________________________________________
List info: http://lists.roundcube.net/dev/



More information about the Dev mailing list