XSS vulnerability in RDF validation service from Philip Taylor on 2009-03-16 (www-rdf-validator@w3.org from March 2009)

From: Philip Taylor <pjt47@cam.ac.uk>
Date: Mon, 16 Mar 2009 22:52:27 +0000
To: www-rdf-validator@w3.org
Message-ID: <49BED82B.3020000@cam.ac.uk>

See 
<http://www.w3.org/RDF/Validator/ARPServlet?URI=http%3A%2F%2Fphilip.html5.org%2Fdemos%2Frdfa%2Fmisc02.html&PARSE=Parse+URI%3A+&TRIPLES_AND_GRAPH=PRINT_TRIPLES&FORMAT=PNG_EMBED>

The validator displays strings without any escaping, allowing arbitrary 
script code to be executed in the www.w3.org security context.

-- 
Philip Taylor
pjt47@cam.ac.uk

Received on Monday, 16 March 2009 22:53:05 UTC