[TYPO3-dev] Proposal: Sanitize GET/POST parameters

Jigal van Hemert jigal at xs4all.nl
Mon Jul 5 19:23:55 CEST 2010


Georg Ringer wrote:
> if you have found examples that the RemoveXSS from core is not secure
> (enough), please don't reveal your findings here but send a mail to
> security at typo3.org or contact me in private. please not here

Sorry, you are absolutely right!

I was just surprised that after testing it together with Steffen with a 
long list of obfuscated attacks it would be "not really reliable".

And yes, security problems/findings should go to the security team.

-- 
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh



