IEBlog : IE8 Security Part IV: The XSS Filter - 葉ã£ã±æ—¥è¨˜IEBlog : IE8 Security Part IV: The XSS Filter ã«ã¤ã„ã¦ã€è¨˜äº‹ã‚’書ã„㟠David Ross ã•ã‚“ã«ç¿»è¨³è¨±å¯ã‚’もらã„ã¾ã—ãŸã®ã§ã€è¨³ã—ã¦ã¿ã¾ã—ãŸã€‚誤訳や指摘ãŒã‚ã‚Šã¾ã—ãŸã‚‰ã‚¬ãƒ³ã‚¬ãƒ³çªã£è¾¼ã¿ã‚’ãŠé¡˜ã„ã„ãŸã—ã¾ã™(ä»–ã®è¨˜äº‹ã‚‚時間をã¨ã£ã¦è¨³ã—ã¦ã„ã“ã†ã¨æ€ã„ã¾ã™)。当然ãªãŒã‚‰ã€ã“ã‚Œã¯ç§ãŒç§çš„ã«è¨³ã—ãŸã‚‚ã®ã§ã‚ã‚Šã€Microsoftã«ã‚ˆã‚‹å…¬å¼ãªç¿»è¨³/見解ã§ã¯ã‚ã‚Šã¾ã›ã‚“。 (è¨³æ³¨è¿½åŠ ) 「reflected / Type-1 XSSã€ã¨ã„ã†ã®ã¯ã€æ”»æ’ƒã‚³ãƒ¼ãƒ‰ãŒè¢«å®³è€…ã‹ã‚‰ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆè‡ªèº«ã«å«ã¾ã‚Œã‚‹ã‚¿ã‚¤ãƒ—ã®XSSã§ã€ã‚µãƒ¼ãƒå´ã®ã‚¢ãƒ—リケーションã§ãƒ¦ãƒ¼ã‚¶ã‹ã‚‰ã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã«å«ã¾ã‚Œã‚‹æ”»æ’ƒã‚³ãƒ¼ãƒ‰ã‚’「åå°„çš„ã€ã«è¿”ã™ã‚ˆã†ãªç¨®é¡žã®XSSã§ã™ã€‚典型的ã«ã¯ã€Œ"><script>...ã€ã®ã‚ˆã†ãªèªžã‚’検索ã—ãŸã¨ãã« <input type="text" value=""><script>..."
{{#tags}}- {{label}}
{{/tags}}