David Vieira-Kurz

David Vieira-Kurz

@secalert

Webapp Security Researcher. Listed on Adobe/Apple/Ebay/Microsoft/Nokia-Siemens/RedHat/Twitter/VZ security whitehat pages.

Germany · blog.majorsecurity.net

Tweet

  1. I think your approach on eval.html is well on disabling js by encoding the dot, equal sign and closing round parenthesis. :)

  2. if user-supplied values comes before hidden then in modern browsers hidden has no priority at all.

  3. i agree with the order. if hidden comes before any user-supplied argument modern browsers only accepts the first one.

  4. by using type/ which in xhtml makes type="" out of it and modern browsers takes the first coming type.

Pemuatan tampaknya berlangsung agak lama.

Twitter sedang kelebihan beban atau mengalami sedikit masalah. Coba lagi atau kunjungi Status Twitter untuk informasi selengkapnya.