Forum OpenACS Q&A: Response to Bugtraq: cross site scripting

Collapse
18: Response to Bugtraq: cross site scripting (response to 1)
Posted by Jonathan Ellis on 03/28/02 04:58 PM
One way around this, used on Altavista and other sites now is to require the user to decode a gif image of some badly distorted letters and numbers. Machines can't do that yet, so requesting the initial form will not help the hacker.

If anyone's interested in doing something like this, I can give you the code I wrote for this in 3.2.