avoiding script injection and other lessonshttp://blogs.msdn.com/jeffdav/archive/2004/02/06/68908.aspxMSDN has had an article entitled Security Considerations: Dynamic HTML for a while. It is a good article, but it simply says what not to do. Everytime I run across it I promise myself I am going to write something more useful someday, something that saysen-USCommunityServer 2.1 SP1 (Build: 61025.2)re: avoiding script injection and other lessonshttp://blogs.msdn.com/jeffdav/archive/2004/02/06/68908.aspx#69225Sat, 07 Feb 2004 12:31:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:69225José JeriaHow about updating (easily done) the code so it also works in Mozilla and other browsers with great DOM support?re: avoiding script injection and other lessonshttp://blogs.msdn.com/jeffdav/archive/2004/02/06/68908.aspx#69533Sun, 08 Feb 2004 07:13:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:69533Raymond ChenExample of social engineering attack: The &quot;Do you want to make 'XYZ' your new home page?&quot; prompt used to allow you to embed newlines into 'XYZ', thereby enabling such misleading dialogs as <br> <br>Do you want to make 'http:// <br> <br> <br> <br>CLICK <br>YES <br>TO <br>CONTINUE <br> <br> <br> <br> <br> <br> <br>@hackersite.com' your new home page? <br> <br>[Yes] [No]Take Outs: The Digital Doggy Bag of Blog Bits for 9 February 2004 http://blogs.msdn.com/jeffdav/archive/2004/02/06/68908.aspx#70364Tue, 10 Feb 2004 06:49:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:70364Enjoy Every SandwichThe daily list of stuff I found interesting while blogreading.re: avoiding script injection and other lessonshttp://blogs.msdn.com/jeffdav/archive/2004/02/06/68908.aspx#70583Tue, 10 Feb 2004 12:35:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:70583Stefan Demetz<a target="_new" href="http://dotnetjunkies.com/WebLog/stefandemetz/archive/2004/02/06/6748.aspx">http://dotnetjunkies.com/WebLog/stefandemetz/archive/2004/02/06/6748.aspx</a>re: avoiding script injection and other lessonshttp://blogs.msdn.com/jeffdav/archive/2004/02/06/68908.aspx#179398Sat, 10 Jul 2004 14:10:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:179398stefan demetzLobby MS to eliminate SQL injection <br><a target="_new" href="http://dotnetjunkies.com/WebLog/stefandemetz/archive/2004/07/10/18763.aspx">http://dotnetjunkies.com/WebLog/stefandemetz/archive/2004/07/10/18763.aspx</a> jeff s WebLog avoiding script injection and other lessons | low cost car insurancehttp://blogs.msdn.com/jeffdav/archive/2004/02/06/68908.aspx#9765653Wed, 17 Jun 2009 07:19:22 GMT91d46819-8472-40ad-a661-2c78acb4018c:9765653 jeff s WebLog avoiding script injection and other lessons | low cost car insurance<p>PingBack from <a rel="nofollow" target="_new" href="http://lowcostcarinsurances.info/story.php?id=3457">http://lowcostcarinsurances.info/story.php?id=3457</a></p>