A Billion More Laughs: The JavaScript hack that acts like an XML attack

Don is off in Lowell working on a project with our ARX folks so I was working late last night (finishing my daily read of the Internet) and ended up reading Scott Hanselman's discussion of threads ve...
Published Sep 11, 2008
Version 1.0
ajax
application
applications
arx
ASM Advanced WAF
chrome
dev
exploits
http
ie8
Joe_Pruitt's avatar
Joe_Pruitt
Sep 11, 2008
Another option is to control what you know. Javascript is fine as long as you are the one including it. Disable Javascript for all non-known entities (ie, comments, trackbacks, etc). This could help a bit...

 

 

-Joe