Skip to content

Kévin Dunglas

Founder of Les-Tilleuls.coop (worker-owned cooperative). Creator of API Platform, Mercure.rocks, Vulcain.rocks and of some Symfony components.

Menu
  • Talks
  • Resume
  • Sponsor me
  • Contact
Menu

Tag: XSS

Patch to use sfXssSafePlugin with symfony 1.2

Posted on February 1, 2009December 31, 2020 by Kévin Dunglas

HTML Purifier is a awesome PHP filter library designed to secure and add standard compliance to HTML. In websites including user generated content, this library allow to have mutlimedia pages including image, text formating and YouTube videos in a secure and SEO proof way thanks to rich text editors like Tiny MCE or FCK Editor…

Read more

MessengerFX’s security problem corrected

Posted on October 6, 2008 by Kévin Dunglas

Some times ago I found a Cross Site Scripting vulnerability in MessengerFX, a popular web-based Windows Live Messenger client. Friday I received from the team saying that the problem is now corrected: Hi Kevin, First of all i want to thank you for your warn. We fixed that problem and now its working correctly. […]…

Read more

La faille de sécurité touchant MessengerFX semble corrigée

Posted on October 6, 2008January 12, 2014 by Kévin Dunglas

Il y’a quelques temps, j’avais découvert une vulnérabilité de type Cross Site Scripting dans MessengerFX, un client web populaire pour le réseau Windows Live Messenger, qui pouvait avoir de fâcheuses conséquences : en plus de pouvoir faire planter le navigateur de n’importe quel utilisateur du service, elle permet d’accéder à toutes les fonctionnalités implémentées par…

Read more

Vulnérabilité critique dans MessengerFX

Posted on May 16, 2008October 6, 2008 by Kévin Dunglas

MessengerFX est un client populaire pour Windows Live Messenger (anciennement MSN Messenger) écrit en AJAX. Sa spécificité et de permettre de se connecter au réseau via un simple navigateur web. En voulant coller du code HTML à Edouard, je me suis rendu compte qu’il était interprété par le navigateur. Faille de type XSS ? Effectivement…

Read more

Follow me on Twitter

My Tweets

Subscribe to this blog

Recent Posts

  • Read the Linux Manual Pages on Mac and BSD, Directly From the Terminal
  • Ne vous lamentez pas, organisez-vous !
  • FrankenPHP: The Modern Php App Server, written in Go
  • API Platform 3 Is Released!
  • Mercure 0.14: Major Performance Improvement and New Features

Top Posts & Pages

  • Securely Access Private Git Repositories and Composer Packages in Docker Builds
  • JSON Columns and Doctrine DBAL 3 Upgrade
  • API Platform 3 Is Released!
  • Generate a Symfony password hash from the command line
  • PHP 7: Introducing a domain name validator and making the URL validator stricter
  • Mercure 0.14: Major Performance Improvement and New Features
  • Goroutines, threads, and thread IDs
  • Symfony's New Native Docker Support (Symfony World)
  • FrankenPHP: The Modern Php App Server, written in Go
  • Connection to a MS SQL Server from Symfony / Doctrine on Mac or Linux

Persistence in PHP with the Doctrine ORM

Persistence in PHP with the Doctrine ORM

Tags

Apache API API Platform Buzz Caddy Docker Doctrine Go Google GraphQL HTTP/2 Hydra hypermedia Hébergement Javascript JSON-LD Kubernetes La Coopérative des Tilleuls Les-Tilleuls.coop Lille Linux Mac Mercure Mercure.rocks Messagerie Instantanée MySQL PHP Punk Rock Python React REST Rock'n'Roll RSS Schema.org Security SEO SEO Symfony Symfony Live Sécurité Ubuntu Web 2.0 Wordpress XHTML XML

Archives

Categories

  • DevOps (25)
  • Mercure (4)
  • Opinions (91)
  • Programming (185)
    • Android (5)
    • Go (13)
    • JavaScript (43)
    • PHP (143)
      • API Platform (65)
      • Symfony (89)
    • Python (14)
      • Django (5)
  • Security (15)
  • SEO (24)
  • Talks (39)
  • Ubuntu (68)
  • Wordpress (6)

Social

  • Mastodon
  • Twitter
  • LinkedIn
  • YouTube
  • GitHub

Links

  • API Platform
  • Les-Tilleuls.coop
  • Mercure.rocks
  • Vulcain.rocks
© 2023 Kévin Dunglas | Powered by Minimalist Blog WordPress Theme