[TYPO3-dev] Proposal: Sanitize GET/POST parameters
Jigal van Hemert
jigal at xs4all.nl
Mon Jul 5 19:23:55 CEST 2010
Georg Ringer wrote:
> if you have found examples that the RemoveXSS from core is not secure
> (enough), please don't reveal your findings here but send a mail to
> security at typo3.org or contact me in private. please not here
Sorry, you are absolutely right!
I was just surprised that after testing it together with Steffen with a
long list of obfuscated attacks it would be "not really reliable".
And yes, security problems/findings should go to the security team.
--
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh