Simon Willison’s Weblog


1 item tagged “fuzztesting”

2008

Javascript protocol fuzz results. If your HTML sanitizer uses blacklisting rather than whitelisting, here are a few more weird ways of injecting javascript: into a link that you need to worry about—but you should really switch to whitelisting http:// and https:// instead.

# 30th June 2008, 3:57 pm / blacklisting, firefox, fuzztesting, html, javascript, sanitization, security, whitelisting