[horde] How horde protects from XSS Vulnerability?

SZÉPE Viktor viktor at szepe.net
Thu Apr 19 13:34:09 UTC 2018


Quoting ANANT S ATHAVALE <asa at isac.gov.in>:

> Dear Team,
>
> Recently we observed that, when a script with src like
> <script src=......></script> is in HTML body of the message, horde/imp did
> not execute it and view source confirmed that, the script was
> truncated.
>
> I assume that, Horde has taken care of these XSS vulnerabilities
> within its code. Just curious.

Yes, IMP strips out/changes some parts of HTML messages.

> Confidentiality Notice: This e-mail message, including any attachments, is for
> the sole use of the intended recipient(s) and may contain confidential and
> privileged information. Any unauthorized review, use, disclosure or
> distribution is prohibited.

Please be aware that this mailing list is archived publicly.



SZÉPE Viktor, website operations / Running your application
https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md
-- 
hotline: +36-20-4242498  sms at szepe.net  skype: szepe.viktor
Budapest, District III






