[horde] How horde protects from XSS Vulnerability?
SZÉPE Viktor
viktor at szepe.net
Thu Apr 19 13:34:09 UTC 2018
Idézem/Quoting ANANT S ATHAVALE <asa at isac.gov.in>:
> Dear Team,
>
> Recently we observed that, when a script with src like <script
> src=......></script> is in HTML body of the message, horde/imp did
> not execute it and view source confirmed that, the script was
> truncated.
>
> I assume that, Horde has taken care of these XSS vulnerabilties
> within its code. Just curious.
Yes, IMP strips out/changes some parts of HTML messages.
> Confidentiality Notice: This e-mail message, including any
> attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure or
> distribution is prohibited.
Please be aware that this mailing list is archived publicly.
SZÉPE Viktor, honlap üzemeltetés / Running your application
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
--
ügyelet/hotline: +36-20-4242498 sms at szepe.net skype: szepe.viktor
Budapest, III. kerület
More information about the horde
mailing list