HTML::BBCode XSS
2006/02/14 filed under /perlAlex of eVuln.com noticed a XSS bug in HTML::BBCode. Although I'm not sure whether checking for javascript:foo(bar) links is supposed to be done by the parser, I've added the option (which is enabled by default) anyways, resulting in HTML::BBCode version 1.05.
As usual, I provide a little sandbox for you to play with/in :-)
Alex was also kind enough to point me to a piece of software called "My Blog" This seems to be using my module. Yay!
Posted by: B10m |
permanent link |
comments (0)
Comments