vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Why is letting HTML dangerous? (https://vborg.vbsupport.ru/showthread.php?t=153764)

Lea Verou 08-03-2007 07:28 PM

Quote:

Originally Posted by SirAdrian (Post 1307836)
CSS can be dangerous too. There are even some vulnerabilities which rely on CSS, such as the cursor exploit.

How can someone "purify" the CSS then, apart from stripping out HTML code?

Adrian Schneider 08-03-2007 08:17 PM

You can't really. However, this was a browser exploit (actually a Windows thing, but it only affected IE). Windows had a bug with parsing the cursor files, so basically it would execute it as raw code or something, which then led to the installation of about 5 different viruses :(

[off topic]: Working on a client's site, and I had up-to-date virus definitions... I am very prompt with that kind of thing. He says there is a problem with his site, like it's been hacked or something. So I view it with Firefox... looks fine. So he tells me to view it with IE, and that was the end of it. It got in so deep I had to reformat my PC, and I was off for about a week :( All this from a CSS exploit!

I would strip out some annoying CSS things. Be careful with allowing it, though, because they can change nearly everything on the page with CSS!
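One concrete way to do the "strip out some annoying CSS things" that the reply above suggests is to keep an allowlist of inline style properties and safe value characters rather than trying to blocklist known-bad ones. The following is an added example written for this archive page, not code from the thread or from vBulletin; the property allowlist and the sample inputs are constructed for illustration.

```python
import re

# Properties a forum post may legitimately set. Anything else (cursor,
# behavior, -moz-binding, position, background-image, ...) is dropped, so
# a cursor: url(...) payload never reaches the browser. (Constructed list.)
ALLOWED_PROPERTIES = {
    "color", "background-color", "font-size", "font-weight", "font-style",
    "text-align", "text-decoration", "margin", "padding",
}

# A value may only contain words, digits, units, hex colours, commas and
# spaces. Excluding "(", ":", "/", "\" and quotes rules out url(),
# expression(), javascript:, @import, comments and CSS escape sequences
# such as \75rl( that spell "url(" after the browser decodes them.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9#%.,\- ]+$")


def sanitize_style(style: str) -> str:
    """Return only the allowlisted declarations of a style="..." value.

    Input is the raw attribute contents taken from user-submitted HTML.
    Unknown properties and values with suspicious characters are dropped
    silently; property names are normalised to lower case.
    """
    kept = []
    for declaration in style.split(";"):
        if ":" not in declaration:
            continue  # not a "property: value" pair, drop it
        prop, value = declaration.split(":", 1)
        prop, value = prop.strip().lower(), value.strip()
        # The property check also rejects obfuscated names like cur/**/sor,
        # because they simply are not in the allowlist.
        if prop not in ALLOWED_PROPERTIES:
            continue
        if not SAFE_VALUE.fullmatch(value):
            continue
        kept.append(f"{prop}: {value}")
    return "; ".join(kept)


if __name__ == "__main__":
    # Constructed sample: a harmless colour next to a cursor payload.
    print(sanitize_style("color: red; cursor: url(http://example.invalid/x.cur)"))
```

The same allowlist idea extends to a full `<style>` block, but parsing selectors and at-rules correctly needs a real CSS parser rather than string splitting.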

