Countermeasures against XSS with UTF-7 are:
- Specify the charset explicitly (the charset parameter of the Content-Type HTTP response header is recommended; a <meta> declaration alone is weaker).
- Do not place any text the attacker can control before the <meta> element that declares the charset, since the browser may sniff the encoding from those leading bytes.
- Use a charset name that browsers recognize; an unknown or misspelled name is ignored, and the browser falls back to guessing the encoding.
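The following Python script is an added example and is not part of the original document. It shows why the three countermeasures matter: a constructed UTF-7 payload that contains no "<" or ">" bytes decodes to a script tag only when the browser settles on UTF-7, and stays inert when the response pins the charset to UTF-8. The helper functions model the checks a reviewer would apply to a response (charset present in the header, <meta> before any untrusted text, recognized charset name). The allowlist of charset names is constructed for the example, and `render_as` is a deliberate simplification of browser encoding selection.

```python
"""Added example: UTF-7 XSS and the three countermeasures from the text.

Not code from the original document; KNOWN_CHARSETS is a constructed allowlist and
render_as() only models the case where the browser has already picked a charset.
"""
import re
from typing import Dict, Optional, Tuple

# Constructed attacker input: the UTF-7 encoding of "<script>alert(1)</script>".
# It contains no '<' or '>' bytes, so a naive output filter lets it through.
UTF7_PAYLOAD = b"+ADw-script+AD4-alert(1)+ADw-/script+AD4-"


def render_as(body: bytes, charset: str) -> str:
    """Decode the body the way a browser that has settled on `charset` would."""
    return body.decode(charset)


def contains_script_tag(text: str) -> bool:
    """Crude detector used to show whether the payload became live markup."""
    return "<script>" in text.lower()


def build_response(template: str, untrusted: str, charset: str = "UTF-8") -> Tuple[Dict[str, str], bytes]:
    """Countermeasure 1: always declare the charset in the Content-Type header.

    `template` is a constructed page with an {untrusted} placeholder; the untrusted
    value is placed into it unchanged so the example focuses on charset handling.
    """
    body = template.replace("{untrusted}", untrusted).encode(charset)
    headers = {"Content-Type": f"text/html; charset={charset}"}
    return headers, body


def header_charset(headers: Dict[str, str]) -> Optional[str]:
    """Return the charset parameter from Content-Type, or None if it is missing."""
    m = re.search(r"charset=([\w-]+)", headers.get("Content-Type", ""), re.IGNORECASE)
    return m.group(1) if m else None


def meta_before_untrusted(html: str, untrusted: str) -> bool:
    """Countermeasure 2: the charset <meta> must precede any attacker-controlled text."""
    meta = re.search(r"<meta[^>]*charset=", html, re.IGNORECASE)
    if meta is None:
        return False
    pos = html.find(untrusted)
    return pos == -1 or meta.start() < pos


# Countermeasure 3: an unrecognized charset label is ignored by browsers, which then
# guess. Constructed allowlist for this example; a real check would use the full
# list of encoding labels browsers accept.
KNOWN_CHARSETS = {"utf-8", "shift_jis", "euc-jp", "iso-2022-jp"}


def is_recognized_charset(name: str) -> bool:
    return name.lower() in KNOWN_CHARSETS


def main() -> None:
    # Without a pinned charset, a browser that guesses UTF-7 executes the payload.
    print("as UTF-7:", render_as(UTF7_PAYLOAD, "utf-7"))
    # With the charset pinned to UTF-8 the same bytes stay harmless text.
    print("as UTF-8:", render_as(UTF7_PAYLOAD, "utf-8"))

    headers, body = build_response("<html><body>{untrusted}</body></html>",
                                   UTF7_PAYLOAD.decode("ascii"))
    cs = header_charset(headers)
    print("header charset:", cs, "| script live:",
          contains_script_tag(render_as(body, cs)))


if __name__ == "__main__":
    main()
```

Run it to see the same bytes rendered both ways; the hardened response is the one whose header charset is present, recognized, and declared before any attacker-controlled bytes.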
For more information about the UTF-7 trick, see "Cross-site scripting with UTF-7".