instiki

History

Jacques Distler 52c1f74ecc Add a couple of XSS tests. Some more tests from Clint Ruoho. The main branch of Instiki (and, I guess, the old sanitizer) are vulnerable. Also: under Ruby 1.8.x, CGI.unescapeHTML screws up horribly decoding NCRs which represent high-bit ASCII characters. UTF-8 agrees with 7-bit ASCII, but CGI.unescapeHTML doesn't seem to know that they disagree for i>127.	2009-01-05 16:25:27 -06:00
..
tests1.dat	Add a couple of XSS tests.	2009-01-05 16:25:27 -06:00

Jacques Distler 52c1f74ecc Add a couple of XSS tests.

Some more tests from Clint Ruoho. The main branch of Instiki (and, I guess,
the old sanitizer) are vulnerable.

Also: under Ruby 1.8.x, CGI.unescapeHTML screws up horribly decoding NCRs
which represent high-bit ASCII characters. UTF-8 agrees with 7-bit ASCII,
but CGI.unescapeHTML doesn't seem to know that they disagree for i>127.

2009-01-05 16:25:27 -06:00

tests1.dat

Add a couple of XSS tests.

2009-01-05 16:25:27 -06:00