2009 Apr 5, 5:24
A cross-site request forgery issue in Twitter posts to your Twitter account for you if you're logged in. Be careful what your RESTful APIs look like.
via:swannman security twitter xss

2009 Feb 3, 11:15
"r2719 specifies that browsers should not allow scripts to set document.domain to anything on the Public Suffix List, such as "com" or "co.jp". Essential background reading on why this is dangerous: Untraceable XSS Attacks. Most browsers already block this attack, e.g. Firefox since 3.0. [Background: Re: Setting document.domain]"
html5 tld publicsuffix dns security html internet web reference w3c

2008 May 2, 1:55
Avoid sniffing using the HTTP range header: "...if we have an application...which protects against FindMimeFromData XSS attacks by searching the first 256 bytes for certain strings, then we can simply place our strings after the first 256 bytes and get Fl
via:swannman http http-header range xss security

2008 Apr 21, 12:05
ISPs show ads for unregistered domains, including subdomains, which malicious folk use to XSS. Oops.
article security internet web xss advertising

2008 Mar 6, 2:22
Using IE's mimetype sniffing for XSS attacks.
mime http sniffing sniff security browser ie ie7 pdf

2008 Jan 28, 10:39
Name your computer an HTML string to inject that HTML into the target wireless router's HTML configuration page.
via:swannman security xss injection dhcp