January 2011 (3)

Thursday, January 20 2011

How to get an ASP.NET development web server without Visual Studio

Getting bored during the holidays because of rainy days? Want to write a few ASP.NET pages and test them even if you don't have Visual Studio or whatever IDE on your computer?

Fortunately, you don't need an IDE to run Cassini, the ASP.NET development web server, because it ships with the standard .NET Framework (even on Windows 7 Starter Edition). All you need to do is:

Read more

Sunday, January 16 2011

What's new on ness.ch

After many years without major changes, it is slowly becoming time to bring the ness.ch site up to date. The most important changes are still to come (redesign of the home pages, spring cleaning of the content, etc.), but one new feature is already […]

Read more

Saturday, January 8 2011

Example of Cross-Site Scripting (XSS) without any need of parenthesis or single quote

Some people still think that black-listing some special characters or encoding only a handful of them solves all XSS issues. Here's hopefully another proof that blacklisting isn't enough:

In a recent example, the following user-supplied characters on a page were encoded to their HTML entities:

  • >
  • <
  • (
  • )
  • '

The custom method (referred to below as customXSSFilter()) also removed any string matching "eval", "alert" or "script".

Obviously, the standard <script>alert('xss');</script> doesn't work in such a case, but is it really enough?

Read more