Re: [RCD] [RCU] Vulnerability in Roundcube

13 Dec 2007


      On Dec 13, 2007 5:30 PM, Robin Elfrink elfrink@introweb.nl wrote:
...
I have here a quick hacked-up patch for the IE CSS XSS vulnerability.
Partly stolen from Squirrelmail.
  From what i know about XSS, i think this is what is asked in this RFE

http://trac.roundcube.net/ticket/1484584
And as suggested, i think using htmlpurifier or such stuff is

better. But if this squirrelmail hacked code works fine here as well,
then no issues. But i thought why to reinvent the wheel?
Please correct me if i am wrong.
                 Thank you

Balachandran Sivakumar
(benignbala)
Arise Awake and stop not till the goal is reached
    Learn to live.................Live to learn


Mail: benignbala@gmail.com
Blog: http://benignbala.wordpress.com/
Site:http://benignbala.googlepages.com
_______________________________________________
List info: http://lists.roundcube.net/dev/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [RCD] [RCU] Vulnerability in Roundcube

Please correct me if i am wrong.