Simon Willison’s Weblog

2 items tagged “blacklisting”

Javascript protocol fuzz results. If your HTML sanitizer uses blacklisting rather than whitelisting here are a few more weird ways of injecting javascript: in to a link that you need to worry about—but you should really switch to whitelisting http:// and https:// instead. # 30th June 2008, 3:57 pm

Crowd 1.1.0 Release Notes. Atlassian software are now offering a commercial OpenID provider, with the ability to hook in to an existing LDAP directory and some smart whitelist / blacklist options. # 21st June 2007, 8:29 am