Microsoft IE 8 toStaticHTML()函数不安全HTML过滤漏洞

BUGTRAQ ID: 42467 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 IE8中对窗口对象提供了名为toStaticHTML的过滤方式。如果向这个函数传送了HTML字符串，在返回之前会删除所有可执行的脚本结构。例如，可使用toStaticHTML方式确保从postMessage调用所接收到的HTML无法执行脚本，但可利用基本格式： document.attachEvent'onmessage',functione if e.domain == 'weather.example.com' spnWeather.innerHTML =...

PT-2010-2962 · Microsoft · Sharepoint Services +4

Name of the Vulnerable Software and Affected Versions: Microsoft Office InfoPath versions 2003 SP3 through 2007 SP2 Office SharePoint Server versions 2007 SP1 through 2007 SP2 SharePoint Services versions 3.0 SP1 through 3.0 SP2 Internet Explorer version 8 Description: The issue is related to a...