Posted by Ric on 12/16/06 21:03
OmegaJunior wrote:
> On Sat, 16 Dec 2006 16:38:28 +0100, Colin McKinnon
> <colin.thisisnotmysurname@ntlworld.deletemeunlessURaBot.com> wrote:
>
>> Marnok.com wrote:
>>
>>> Hi
>>>
>>> I am trying to include a file from another site in my page. The other page
>>> is messing up the rest of my page - it seems to have an extra </table>, or
>>> else the </body></html> on the foreign site is confusing my page layout.
>>>
>>> I wondered if there was a "safe" way to include a foreign page so that it
>>> sits within the boundaries I lay out and is treated only as a
>>> self-contained entity?
>>
>> No.
>>
>> Don't use 'include' or 'require', and expect your site to be XSS vulnerable
>> as a result.
>>
>> Parse it as XML and don't show it if it's badly formed.
>>
>> C.
>
> How about an iFrame?
An iframe cannot include pages from other domains, and if someone is
talking about XSS it is clear that this is about including pages from
other domains.
>
> --Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
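
The advice quoted above (don't `include` the foreign page, parse it as XML and show nothing if it is badly formed), sketched in PHP as an added example that is not part of the original thread. It goes one step beyond that advice by rebuilding the output from an allowlist of tags with every attribute dropped, since well-formed markup can still carry script. The function names, tag lists and sample strings are assumptions, and the remote page is assumed to have been fetched into a string beforehand.

```php
<?php
// Added example, not code from the thread; names and sample inputs are constructed.
const ALLOWED_TAGS = ['p', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'br'];
const DROPPED_TAGS = ['script', 'style', 'iframe', 'object', 'embed'];

// Rebuild markup from the parsed tree: allowlisted tags only, no attributes.
function rebuild(DOMNode $node): string
{
    if ($node instanceof DOMText) {
        return htmlspecialchars($node->nodeValue, ENT_QUOTES, 'UTF-8');
    }
    if (!($node instanceof DOMElement)) {
        return ''; // comments, processing instructions, entity references
    }
    $tag = strtolower($node->localName);
    if (in_array($tag, DROPPED_TAGS, true)) {
        return ''; // discard the element together with its content
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= rebuild($child);
    }
    if (!in_array($tag, ALLOWED_TAGS, true)) {
        return $inner; // unknown wrapper (div, table, ...): keep children only
    }
    return $tag === 'br' ? '<br>' : "<$tag>$inner</$tag>";
}

// Returns safe markup, or null when the input is not well-formed XML.
function render_foreign_fragment(string $raw): ?string
{
    if ($raw === '') {
        return null;
    }
    $prev = libxml_use_internal_errors(true); // collect parse errors quietly
    $doc = new DOMDocument();
    $ok = $doc->loadXML($raw, LIBXML_NONET);  // strict parse, no network fetches
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    return ($ok && $doc->documentElement) ? rebuild($doc->documentElement) : null;
}

// Constructed inputs: one well-formed, one with a stray </table> as in the question.
$good = '<div><p onclick="track()">Hello <b>world</b></p><script>track()</script></div>';
$bad  = '<div><p>Hello</p></table></div>';
foreach ([$good, $bad] as $raw) {
    echo render_foreign_fragment($raw) ?? '[foreign content not shown]', "\n";
}
```

Because the foreign markup is only ever handled as data and re-serialised, an unbalanced closing tag makes the parse fail instead of leaking into the surrounding page layout.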