anomy-list

Re: HTML defanging issues

From: Robert de Bath (robert$@mayday.cix.co.uk)
Date: Mon 23 Sep 2002 - 09:32:40 GMT


    On Fri, 20 Sep 2002, Bjarni R. Einarsson wrote:

    > On 2002-09-18, 16:07:13 (+0200), Andrew wrote:
    > >
    > > telnet: Windows 2000 telnet attempts NTLM authentication (or at
    > > least, it did). Network sniffs can be fed to a
    > > password cracking program.
    > > about: Don't know what this will be doing in mail, and
    > > there's some scripting possibilities ..
    >
    > "about" is already on the list... I don't see the security implications
    > of telnet though. How can offering a telnet link be dangerous?

    Buffer overflows? But I _hope_ that's already there.

    > > <img src="blah"onmouseover="[code]">
    > > <img src="blah>" onmouseover="[code]">
    > > &{[code]}; [N4]
    >
    > I'm gonna have to look into these... :-)
    >
    > I agree that the most worrying is the "blah>" exploit. That one
    > indicates that my parser is broken, and could take some
    > head-scratching to fix. Bugger.

    This feels like it's just getting too complicated for a security program.
    I'm wondering if it might be a good idea for anomy to parse html into a
    syntax tree, so you only keep things that you understand, then completely
    re-generate the html using only structures you know are safe.
    Everything else is assumed to be evil.

    -- 
    Rob.                          (Robert de Bath <robert$ @ debath.co.uk>)
                                           <http://www.cix.co.uk/~mayday>
    


