http://news.zdnet.com/2100-1009_22-6102171.html?tag=nl.e589 OK, this seems a little naive. JavaScript in RSS shouldn't create any more vulnerabilities than...
... The threat is very real; companies like Bloglines, NewsGator, and Microsoft are treating it very seriously, and the whitepaper describing the exploits...
If it is of any help to the community, I have created several test feeds to do some experimenting. http://rsstest.markwoodman.com/ Trying these out, I have...
... Oh, for instance, Bloglines keeps pretty much their entire interface in JavaScript, so once you've got script injection you can (or could, last time I...
... For a desktop client (at least Windows clients using IE for the renderer) the JavaScript is by default running in a different security zone than it would...
... present inside ... That was my reaction too. So, I finally got around to writing some dead-simple test RSS feeds... and completely whacked my online...
... First, many consumers do the equivalent of strcpy of the bytes inside the description without doing the equivalent of a full tag soup HTML parser. BTW,...
... Any effort at the syntactic level by non-browser libraries is destined to become a game of whack-a-mole. Browser vendors should have dealt with this one a...
... I've been through that too, but you should be able to unsubscribe yourself with a bit of effort. You just need to know the URL required to unsubscribe from...