• Status: Solved
  • Priority: Medium
  • Security: Public

How does encoding/decoding work in IE and Firefox?

When testing XSS payloads, an attack payload didn't work the first time, but from the second time on it always worked. Some attack payloads worked in IE but didn't work in Firefox. So I want to know in more detail how encoding/decoding works in IE and Firefox.

Are there any links or documents about this issue?

Thanks very much in advance
Asked:
howruaz9
2 Solutions
 
Ray Paseur Commented:
There are thousands of links and documents about the issue.  It's a very broad question!

http://lmgtfy.com/?q=XSS+Security
 
rajivvishwa Commented:
There is no clear-cut comparison or explanation of how each browser is designed to prevent various vulnerabilities. The security architecture of each browser has evolved over a period of time and is not that easy to trace back. No one would expose and document the security implementations, especially Microsoft. You might have to go through the source code of the browser to understand how it's done. (https://developer.mozilla.org/en/Download_Mozilla_Source_Code)
An easier way would be to go through the advisories where people have identified and logged various XSS vulnerabilities and the steps taken by MS/Mozilla to fix those.

But to know which XSS vector is vulnerable on what browser, check the RSnake XSS Cheat Sheet; browser support for each XSS string is mentioned there
(http://ha.ckers.org/xss.html)

Firefox
Dev Documentation - https://developer.mozilla.org/en/Security
Security Adv - http://www.mozilla.org/security/announce/

Internet Explorer
XSS Filter Architecture - http://blogs.technet.com/b/srd/archive/2008/08/19/ie-8-xss-filter-architecture-implementation.aspx
XSS Filter - http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx
 
howruaz9 Author Commented:
Rajivvishwa and Ray_Paseur, thanks for your help – I really appreciate it.
