Technology Insights

Double Encoding – One Of The Biggest Enemies While Fixing Cross-Site Scripting (XSS)

“You have X amount of Cross-Site Scripting vulnerabilities”. That is a phrase most web developers have heard at least once. But what is a Cross-Site Scripting vulnerability?

OWASP defines Cross-Site Scripting as:

“Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.”

System Restore disabled by Group Policy & Regedit disabled by Group Policy

I had a customer's computer in the store today, which was a simple Windows XP Home Edition desktop, and they wanted to restore the PC to an earlier time. This is normally a simple task; however, when I went to System Restore I received the error “System Restore Disabled by Group policy”. Since this was just a normal person's desktop, I found this very odd. Next I tried to edit the policy values via the registry and was greeted by another error saying “Registry Editing has been Disabled by Group policy”. This was starting to get a little annoying, so I decided to document my steps to fix this issue. Now, before I get a hundred comments with people saying there is a better way, remember there is more than one way to do things and this is just my way.

Below I document the few simple steps to fix this error.