W3C home > Mailing lists > Public > www-validator-css@w3.org > December 2009

Re: Do you have a XSS on your validator

From: Yves Lafon <ylafon@w3.org>
Date: Mon, 7 Dec 2009 09:24:42 -0500 (EST)
To: Alejandro Ramirez <janito23@gmail.com>
cc: www-validator-css@w3.org
Message-ID: <alpine.DEB.1.10.0912070923590.5631@wnl.j3.bet>
On Sat, 5 Dec 2009, Alejandro Ramirez wrote:

> Hi i'm Alejandro, i find a XSS on your css validator.
>
> http://jigsaw.w3.org/css-validator/validator?uri=http%3A%2F%2Fwww.megaupload.com%2F%3Fd%3D6MCG5ZQB%3Cscript%3Ealert%28%27janito24%27%29%3C%2Fscript%3E&profile=css21&usermedium=all&warning=1&lang=es
>
> Thanks and sorry for my english i can't explain better my english is very
> poor.

Thanks for the report, there was indeed an issue there. The output is now 
escaped as it should.

-- 
Baroula que barouleras, au tiéu toujou t'entourneras.

         ~~Yves
Received on Monday, 7 December 2009 14:24:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 June 2012 00:14:25 GMT