UTF-7 XSS Cheat Sheet
Countermeasures against XSS with UTF-7 are:
- Specify the charset explicitly (the HTTP header is recommended)
- Don't place text that an attacker can control before <meta>
- Specify a charset name that the browser recognizes
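
The three countermeasures above can be checked per response. The following is an added example, not part of the original cheat sheet: the function name, the charset allowlist, the canary marker and both sample responses are assumptions constructed for illustration.

```python
import re

# Assumption: a small allowlist of charset labels the target browsers
# recognize; extend it to match the encodings the site actually serves.
KNOWN_CHARSETS = {"utf-8", "iso-8859-1", "windows-1252", "shift_jis", "euc-jp"}

HEADER_CHARSET = re.compile(r'charset\s*=\s*"?([^\s;"]+)', re.I)
META_CHARSET = re.compile(rb'<meta\b[^>]*charset\s*=\s*["\']?([^\s"\'/>;]+)', re.I)

# Constructed samples: (Content-Type header value, raw body). CANARY is a
# harmless marker the tester submitted as input to see where it is reflected.
CANARY = b"CANARY123"
GOOD = ("text/html; charset=utf-8",
        b'<html><head><meta charset="utf-8"><title>CANARY123</title></head></html>')
BAD = ("text/html",
       b'<html><head><title>CANARY123</title><meta http-equiv="Content-Type" '
       b'content="text/html; charset=x-unknown"></head></html>')


def audit_charset(content_type, body, canary):
    """Return a list of findings for one HTML response."""
    findings = []
    header = HEADER_CHARSET.search(content_type or "")
    meta = META_CHARSET.search(body)

    # Countermeasure 1: charset stated explicitly, preferably in the header.
    if header is None:
        findings.append("no charset in Content-Type header")
    if header is None and meta is None:
        findings.append("no charset declared anywhere")

    # Countermeasure 3: every declared name must be one the browser knows.
    declared = [header.group(1)] if header else []
    if meta:
        declared.append(meta.group(1).decode("ascii", "replace"))
    for name in declared:
        if name.lower() not in KNOWN_CHARSETS:
            findings.append(f"unrecognized charset name: {name}")

    # Countermeasure 2: reflected input must not come before <meta>.
    pos = body.find(canary)
    if meta and 0 <= pos < meta.start():
        findings.append("user-controlled text appears before <meta>")
    return findings


if __name__ == "__main__":
    for label, (ctype, body) in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_charset(ctype, body, CANARY))
```
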
For more information about the UTF-7 trick, see "Cross-site scripting with UTF-7".
These XSS patterns are tested on IE6 and IE7.
Yosuke HASEGAWA <firstname.lastname@example.org>
Last modified: 2008-01-11