|

»

»

w3.org - www-rdf-validator

XSS vulnerability in RDF validation service

View: New views

1 Messages — Rating Filter: Alert me

XSS vulnerability in RDF validation service

by Philip Taylor-5 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

See
<http://www.w3.org/RDF/Validator/ARPServlet?URI=http%3A%2F%2Fphilip.html5.org%2Fdemos%2Frdfa%2Fmisc02.html&PARSE=Parse+URI%3A+&TRIPLES_AND_GRAPH=PRINT_TRIPLES&FORMAT=PNG_EMBED>

The validator displays strings without any escaping, allowing arbitrary
script code to be executed in the www.w3.org security context.

--
Philip Taylor
pjt47@...