the Network.URI parser
Peter Gammie
peteg42 at gmail.com
Tue May 27 03:28:53 EDT 2008
Hello,
I'm wondering what the state of this parser is.
It parses the contents of the src attribute in the following:
<p><img src="javascript:alert('XSS');" alt=""/></p>
which causes IE 5.5 (and probably 6) to show a dialog box. (I lifted
this example from the list at http://ha.ckers.org/xss.html)
I was hoping the parser in Network.URI would choke on it - the
parentheses are reserved, at least.
cheers
peter
More information about the Libraries
mailing list