Have you guys tested RoundCube for XSS vulnerabilities, for example using this list? http://ha.ckers.org/xss.html
Is it possible to completely disable the display of HTML messages in the web interface (ie make sure that HTML parts are only available as "Content-Type: attachment" http streams)?
Cc pls ;) _______________________________________________ List info: http://lists.roundcube.net/dev/
On 11/2/07, rosenfield.albert@gmail.com rosenfield.albert@gmail.com wrote:
Have you guys tested RoundCube for XSS vulnerabilities, for example using this list? http://ha.ckers.org/xss.html
Is it possible to completely disable the display of HTML messages in the web interface (ie make sure that HTML parts are only available as "Content-Type: attachment" http streams)?
Cc pls ;)
We have a page in the making ironing out a couple issues, but nothing major.
Will post more on this next weekish.
Till _______________________________________________ List info: http://lists.roundcube.net/dev/
-
rosenfield.albert@gmail.com -
till