On Dec 13, 2007 5:30 PM, Robin Elfrink elfrink@introweb.nl wrote:
I have here a quick hacked-up patch for the IE CSS XSS vulnerability. Partly stolen from Squirrelmail.
From what i know about XSS, i think this is what is asked in this RFE
http://trac.roundcube.net/ticket/1484584
And as suggested, i think using htmlpurifier or such stuff is
better. But if this squirrelmail hacked code works fine here as well, then no issues. But i thought why to reinvent the wheel?
Thank you
Balachandran Sivakumar (benignbala)
Arise Awake and stop not till the goal is reached
Learn to live.................Live to learn
Mail: benignbala@gmail.com Blog: http://benignbala.wordpress.com/ Site:http://benignbala.googlepages.com _______________________________________________ List info: http://lists.roundcube.net/dev/