Gossamer Forum

Javascript Vulnerability

Hi,

Does Gossamer Mail have protection against the type of vulnerability detailed at http://www.sidesport.com/webworm/cl_advisory.html ?

Regards,

Lewis

Re: Javascript Vulnerability
Hi,

All Javascript inside of <script> tags is removed when displaying a message. This alert though can depend on things outside of Gossamer Mail. For instance, if you have a feedback form that displays what the user entered without HTML escaping it, then they could submit a request to that script and run Javascript.

Everything Gossamer Mail outputs is by default HTML escaped, so I don't think you would find a hole like that inside Gossamer Mail.

I'll investigate this further to make sure though.

Cheers,

Alex

--
Gossamer Threads Inc.
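
The feedback-form case described in the reply above, as an added example that is not part of the original thread and is not Gossamer Mail code: the same form handler with and without HTML escaping on output, plus a check that lists any tags a submission manages to introduce into the page. The template, function names and sample submission are hypothetical and constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Hypothetical feedback-page template (assumption; not Gossamer Mail code).
PAGE = "<p>Thanks, <b>{name}</b>. You wrote:</p>\n<blockquote>{comment}</blockquote>"


def render_unescaped(name, comment):
    """The flawed handler: form fields are placed into the page verbatim."""
    return PAGE.format(name=name, comment=comment)


def render_escaped(name, comment):
    """The corrected handler: every field is HTML-escaped on output."""
    return PAGE.format(name=html.escape(name, quote=True),
                       comment=html.escape(comment, quote=True))


class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in a page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(page):
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags


def injected_tags(render, name, comment):
    """Tags in the rendered page that the template itself does not supply."""
    found = tags_in(render(name, comment))
    for tag in tags_in(render("", "")):  # the template's own tags
        if tag in found:
            found.remove(tag)
    return found


# Constructed sample submission, for illustration only.
SAMPLE_NAME = "Lewis"
SAMPLE_COMMENT = "Nice <i>site</i> <script>alert(1)</script> & thanks"

if __name__ == "__main__":
    print(injected_tags(render_unescaped, SAMPLE_NAME, SAMPLE_COMMENT))
    print(injected_tags(render_escaped, SAMPLE_NAME, SAMPLE_COMMENT))
```

A check like `injected_tags` can be kept as a regression test for any page that echoes user input: an empty list means the submission reached the browser as text only.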