<<< Date Index >>>     <<< Thread Index >>>

Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous



A slashdot user suggested the following


"One possible work around on the server side:
Direct your web server to serve .pdf files as mime type "application/octet"
That way the files will be saved to disk instead of opening in the browser plug 
in."


URL:
http://it.slashdot.org/comments.pl?sid=214868&threshold=1&commentsort=0&mode=thread&cid=17450834

This may cause undesired effects on certain browsers on the otherhand. 


- Robert
http://www.cgisecurity.com/ Website Security news, and more
http://www.cgisecurity.com/index.rss [RSS Security Feed]