Peter Renshaw
delicious
September 17 at 11:47 pm - google.com.au
The 'Google UTF-7 encoded cross-site scripting (XSS) vulnerabilities' attack was mentioned by Cal Henderson in his talk "Why I hate Django" (djangocon, 06/09/2008). Good UTF filters should be able to bulk-screen but not specifically avoid this type of attack. Probably still need a block on decoded strings like "script". - Peter Renshaw
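
The check described in the comment above, as an added example that is not part of the original post or of any framework's code: a filter that looks for "script" only in the raw text misses the UTF-7 form, so the input is also decoded and checked again. The function names, result labels and sample string are constructed for illustration.

```python
import re

# Markup the filter refuses once the text is in the form a browser would parse.
BLOCKED = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)

# Bulk screen: a UTF-7 shifted run is '+', modified-base64 characters, optional '-'.
UTF7_RUN = re.compile(r"\+[A-Za-z0-9+/]+-?")

# Constructed sample: "<script>alert(1)</script>" with '<' and '>' written in UTF-7.
SAMPLE = "+ADw-script+AD4-alert(1)+ADw-/script+AD4-"


def decode_utf7(text):
    """Return the text as a UTF-7 reader would see it, or None if it does not decode."""
    try:
        return text.encode("ascii").decode("utf-7")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return None


def screen(text):
    """Classify input as 'blocked-raw', 'blocked-decoded', 'utf7-flagged' or 'ok'."""
    if BLOCKED.search(text):
        return "blocked-raw"          # plain markup, caught without decoding
    if not UTF7_RUN.search(text):
        return "ok"                   # nothing that looks like a shifted run
    decoded = decode_utf7(text)
    if decoded is not None and BLOCKED.search(decoded):
        return "blocked-decoded"      # markup only visible after decoding
    # Shifted run present but no blocked markup (or not valid UTF-7):
    # the bulk screen flags it for review rather than passing it silently.
    return "utf7-flagged"


if __name__ == "__main__":
    for candidate in ("hello world", "<script>alert(1)</script>", SAMPLE):
        print(f"{screen(candidate):16} {candidate}")
```

Serving pages with an explicit charset in the `Content-Type` header removes the condition under which a browser would interpret the response as UTF-7 in the first place.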