[TYPO3-core] RFC: #15812: Add backend maintenance for login news
Jigal van Hemert
jigal at xs4all.nl
Mon Sep 27 23:31:16 CEST 2010
Hi,
On 27-9-2010 22:45, Helmut Hummel wrote:
> 3. removeXSS is very limited and in a kind of unmaintained state. It
> also produces false positives, which can lead to rather unexpected results.
Can you send them to me by private mail? I'd like to fix them.
Almost two years ago I changed quite a lot in removeXSS (rev. 4457),
including speed improvements and a lot of extra tests (from
http://ha.ckers.org/xss.html except the "URL string evasion" items).
--
Kind regards / met vriendelijke groet,
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh
More information about the TYPO3-team-core
mailing list