Re: XSS mitigation in browsers

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Thu, 20 Jan 2011 23:07:57 -0500
Message-ID: <4D39069D.2070203@mit.edu>
To: "sird@rckc.at" <sird@rckc.at>
CC: gaz Heyes <gazheyes@gmail.com>, Michal Zalewski <lcamtuf@coredump.cx>, Sid Stamm <sid@mozilla.com>, Brandon Sterne <bsterne@mozilla.com>, Adam Barth <w3c@adambarth.com>, public-web-security@w3.org, Lucas Adamski <ladamski@mozilla.com>

On 1/20/11 7:10 PM, sird@rckc.at wrote:
> Here's the PoC:
> http://eaea.sirdarckcat.net/epicwin.xhtml
>
> Though, only works on xhtml :(

Ah, and this doesn't work in Gecko 2.0.  Sanity is restored.  ;)

-Boris
Received on Friday, 21 January 2011 04:09:04 GMT
