Forum OpenACS Q&A: Response to Bugtraq: cross site scripting

Posted by Jonathan Ellis on
One way around this, used on Altavista and other sites now, is to require the user to decode a GIF image of some badly distorted letters and numbers. Machines can't do that yet, so requesting the initial form will not help the hacker.

If anyone's interested in doing something like this, I can give you the code I wrote for this in 3.2.
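As an added example (not the 3.2 code mentioned above, which the post does not include), here is the server-side half of such a challenge in Python: the answer stays on the server, the challenge is time-limited and single-use, so scripting the form request alone does not help. It assumes a constructed in-memory store and a per-process key; the image rendering itself is left out.

```python
import hmac
import hashlib
import secrets
import time

# Alphabet without easily confused glyphs (0/O, 1/I) so the distorted image stays readable.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
SERVER_KEY = secrets.token_bytes(32)  # assumption: per-process secret for this example

# Constructed in-memory store: challenge_id -> (answer digest, expiry timestamp).
_pending = {}


def _digest(challenge_id, answer):
    # Bind the answer to its challenge id so a digest cannot be reused across challenges.
    msg = f"{challenge_id}:{answer.strip().upper()}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def new_challenge(length=6, ttl=300, now=None):
    """Create a challenge; returns (id for the form, text for the image renderer)."""
    now = time.time() if now is None else now
    answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
    challenge_id = secrets.token_urlsafe(16)
    _pending[challenge_id] = (_digest(challenge_id, answer), now + ttl)
    # The plain answer goes only to the image renderer, never into the HTML form.
    return challenge_id, answer


def verify(challenge_id, submitted, now=None):
    """Check a submitted answer; each challenge id can be used exactly once."""
    now = time.time() if now is None else now
    entry = _pending.pop(challenge_id, None)  # pop: single use, even on a wrong guess
    if entry is None:
        return False  # unknown, replayed or already-consumed challenge
    expected, expires_at = entry
    if now > expires_at:
        return False  # stale challenge, e.g. a form fetched long ago by a script
    return hmac.compare_digest(expected, _digest(challenge_id, submitted))
```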