Re: Hotmail and Windows Live Mail XSS Vulnerabilities
Hi.
On 3 Nov 2006 15:39:02 -0000, applesoup@xxxxxxxxx <applesoup@xxxxxxxxx> wrote:
Hotmail's filter identifies "expression()" syntax in a CSS attribute. According
to Hasegawa Yosuke's
The term "url" in CSS is also widely acceptable in IE6
such as fullwidth "URL" (U+FF35, U+FF32, U+FF2C),
or some Unicode letters (U+0280, U+029F).
More details for
https://www.webappsec.jp/modules/bwiki/index.php?IE%A4%CEexpression%A4%C8url
Regards,
--
HASEGAWA Yosuke
yosuke.hasegawa@xxxxxxxxx