Richard, there seems to be something important missing from all these topics, and I only just thought of it. For all Windows-based browsers, "jscript" should be added to the list of words to filter out. I just tried the image link vulnerability with that, having made the changes recommended, and it doesn't stop this for IE/Windoze clients.
Richard, it would probably make sense to add this jscript line to the ReplaceImageTags source code in the Announcements: Security Related Bug Fixes, since it's probably the one with more visibility.
I know it's included in v. 3.3.04, but there is always the possibility that some users will choose to copy and paste the code instead of installing the latest version of the forum code...
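
The gap described in this thread, as an added example that is not part of the original posts and is not the forum's ReplaceImageTags code: a word filter only stops the words on its list, while a scheme allowlist rejects anything that is not explicitly permitted, which goes a step beyond the one-word fix requested above. The "before" word list, the function names and the sample links are assumptions constructed for illustration.

```python
import re

# Assumed "before" word list; the page does not show the forum's actual list.
WORDS_BEFORE = ("javascript", "vbscript")
# The same list with the word the post asks to add.
WORDS_AFTER = WORDS_BEFORE + ("jscript",)

ALLOWED_SCHEMES = ("http", "https")
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)


def passes_word_filter(url, words):
    """Blocklist check: accept the link unless it contains a filtered word."""
    lowered = url.lower()
    return not any(word in lowered for word in words)


def passes_scheme_allowlist(url):
    """Allowlist check: accept only absolute http/https image links."""
    # Reject whitespace and control characters outright instead of
    # guessing how a given browser would interpret them.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    match = _SCHEME.match(url)
    return bool(match) and match.group(1).lower() in ALLOWED_SCHEMES


# Constructed sample image links (not taken from the forum).
SAMPLES = [
    "http://example.com/avatar.gif",
    "javascript:void(0)",
    "jscript:void(0)",
    "JScript:void(0)",
    "someotherscheme:void(0)",  # stands in for any scheme not on the list
]


def report(samples=SAMPLES):
    """Return (link, word filter before, word filter after, allowlist)."""
    return [(u, passes_word_filter(u, WORDS_BEFORE),
             passes_word_filter(u, WORDS_AFTER),
             passes_scheme_allowlist(u)) for u in samples]


if __name__ == "__main__":
    for row in report():
        print("%-28s before=%-5s after=%-5s allowlist=%s" % row)
```

The allowlist check also rejects relative links, so it only fits forums that require absolute image URLs.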