CERT Advisory CA-2000-02
Thomas Dowling
tdowling at ohiolink.edu
Thu Feb 3 09:49:13 EST 2000

W4L--

CERT has issued an advisory about security issues for web sites that
create dynamic output based on user input, such as message boards or chat
pages. http://www.cert.org/advisories/CA-2000-02.html

What you probably want to be aware of is the recommended solution: "Web
Users Should Disable Scripting Languages in Their Browser". As someone
who surfs with scripting off by default, I can tell you a lot of sites
with JavaScript infatuation completely fall apart with scripting off.
This might be a good time to check your <NOSCRIPT> elements.

[List members who've endured my kvetching in the past will recall that
scriptless usability is also a priority 1 checkpoint in the Web Content
Accessibility Guidelines, so you'll be killing two birds with one stone.]

Thomas Dowling
OhioLINK - Ohio Library and Information Network
tdowling at ohiolink.edu