Well the GPL used to be much longer, but was somehow mysteriously truncated.
Ars recently posted a short write-up on using C# and Mono to develop for the iPhone.
Sure does
IronPython on Mono howto
These articles clear up a lot of common misconceptions around javascript and its OO capabilities.
Classical Inheritance in JavaScript
JavaScript: The World's Most Misunderstood Programming Language
I guess that means the only browsers with tabs for W2k will be Opera and Firefox.
Yeah I've been using IE with tabs on Windows 2000 for quite a while.
Your sig is spelt incorrectly - should be apisdn
LiteStep hasn't been mentioned? Fantastic replacement for the Windows shell.
An HTTP request is made for every keystroke applied to the search query, so it'll essentially increase their server load by a magnitude of average keystrokes per query.
No disassemble G5, NOOOO!!!!
Yes.
to IE, which has had this feature for years.
forced piss.
Farsed past, pissed fart.... um
JScript is Microsoft's implementation of Javascript. To the best of my knowledge it's the same, although I wouldn't be surprised to find some proprietary extension within JScript.
anyone have one like that for html/javascript? I would love that
I believe there's a JScript (not Javascript, but almost the same) CHM available somewhere on the MSDN site.
An HTML form using POST can be submitted with a hyperlink.
And you're right, it's not just brackets that need replacing, quotes should be replaced too. This massive set of 3 characters are all that defines the bulk of HTML.
However, the issue with XSS is formatting user input that is sent back to the browser.
Obviously user input must be parsed for insertion into SQL queries, but this is not an XSS issue.
As for code being tricked by user input, I've never heard of anyone actually writing code that attempts to evaluate and execute user input as code on the server, that would be ridiculous.
Using POST rather than GET does not address XSS in any way at all. POST values can be sent as easily as putting GET values into a query string.
The issue is addressed by simply parsing any user input that's sent back to the browser. This parsing can be as simple as replacing HTML brackets <> with entity codes &lt;&gt;
This is as basic as web development 101 gets. Any site that falls victim to XSS does so due to sloppy coding at its best, and rightly deserves to be compromised!
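The output encoding described in the comment above, as an added example that is not part of the original post. The names `escapeHtml`, `renderResult` and `structureUnchanged`, the page fragment and the sample inputs are constructed for illustration; the example also encodes `&` and the single quote, which the comment does not list.

```javascript
// Added example: encode user input before it is echoed back into HTML.
// All names and sample values here are constructed for illustration.

const HTML_ENTITIES = {
  "&": "&amp;",  // so input such as "&lt;" is displayed literally, not decoded
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode a value for an HTML element body or a quoted attribute value.
// It is not sufficient for unquoted attributes, URLs or inline script.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical search page fragment that reflects the query in two contexts:
// an element body and a double-quoted attribute.
function renderResult(query) {
  const safe = escapeHtml(query);
  return `<p>Results for ${safe}</p><input name="q" value="${safe}">`;
}

// Check that the reflected value added no tag or attribute delimiters:
// the rendered page must contain exactly as many <, > and " characters
// as the same template rendered with an empty query.
function structureUnchanged(query) {
  const count = (s, ch) => s.split(ch).length - 1;
  const baseline = renderResult("");
  const rendered = renderResult(query);
  return ["<", ">", '"'].every(
    (ch) => count(rendered, ch) === count(baseline, ch)
  );
}

// Constructed sample inputs: plain text, markup, and an attribute break-out.
const samples = ["mono iphone", "<script>alert(1)</script>", '" onfocus="alert(1)'];
for (const q of samples) {
  console.log(structureUnchanged(q), renderResult(q));
}
```

The encoding is applied where the value is written into the page, so it behaves the same whether the value arrived by GET or by POST.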