2008-01-18 - hoshikuzu | star_dust dairy - about UTF-7 XSS Cheat SheetãŠãã‚Œã°ã›ãªãŒã‚‰ä¸‹è¨˜ã‚’æ‹è¦‹ã—ã¾ã—ãŸã€‚ UTF-7 XSS Cheat Sheet Specify charset clearly (HTTP header is recommended) Don't place the text attacker can control before <meta> Specify recognizable charset name by browser. 上記ã®ã‚ˆã†ãªå¯¾ç–ã‚’å¿…è¦ã¨ã™ã‚‹ã‚µã‚¤ãƒˆã§ã¯æ”¾ç½®ã—ã¦ãŠã‘ã°UTF-7ç³»ã®XSS以外ã§ã‚‚XSSã®å±é™ºæ€§ã¯å˜åœ¨ã—ã†ã‚‹ã¨æ€ã‚ã‚Œã¾ã™ã€‚ã§ã™ã®ã§â€¦ ã‚ã¨ã€ãƒ¤ãƒžã‚¬ã‚¿ã•ã‚“ã®å応をèªã¿ãªãŒã‚‰æ€ã£ãŸã‚“ã§ã™ãŒã€ä¸€èˆ¬çš„ãªXSS対ç–ã§ã€Œ<ã€ã€Œ>ã€ãªã©ã‚’「<ã€ã€Œ>ã€ã«ã‚¨ã‚¹ã‚±ãƒ¼ãƒ—ã™ã‚‹ã‚ˆã†ã«ã€æ©Ÿæ¢°çš„ã«ã€Œ+ã€ã‚’「+ã€ã«ã‚¨ã‚¹ã‚±ãƒ¼ãƒ—ã—ã¦ã‚„ã‚Œã°ã€ä¸‡ãŒä¸€ã®ã¨ãã§ã‚‚UTF-7ã«ã‚ˆã‚‹XSSを防ã’るよã†ãªæ°—ã‚‚ã—ãŸã‚“ã§ã™ã‘ã©ã€ã‚ã¾ã‚Šæ·±ã
åºå†…LAN掲載ã¯è‘—作権侵害 社ä¿åºãŒæ•—訴 - MSN産経ニュース
JAPAN LAW EXPRESS: æ±äº¬åœ°è£ã€ç¤¾ä¼šä¿é™ºåºå†…部LANã®é›»å掲示æ¿ã«é›‘誌記事を複製ã™ã‚‹ã“ã¨ã¯è‘—作権侵害ã«ãªã‚‹ã¨åˆ¤æ–
{{#tags}}- {{label}}
{{/tags}}