web application security lab

Archive for January, 1970

A space makes all the difference

Thursday, January 1st, 1970

r0xes had an interesting XSS vulnerability posted to Bugtraq yesterday where he was able to bypass some XSS filters by simply adding a space between the event handler name and the equals sign. It’s simple enough but hey, anything that gets around filters is worth noting. Regex-based filters are often very flawed.
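To make the point concrete from the defender's side, here is an added example (not from the post or from r0xes) that puts a naive event-handler regex next to a whitespace-tolerant one and next to plain output encoding. The sample inputs are constructed for the test; the pattern names and helper functions are my own.

```python
import re
import html

# Naive blacklist of the kind the post describes: it only matches an event
# handler name that is immediately followed by '=' and so misses "onerror =".
NAIVE_HANDLER_RE = re.compile(r'on\w+=', re.IGNORECASE)

# HTML permits whitespace on either side of '=' in an attribute, so a regex
# that wants to catch handlers has to tolerate it.  Still a blacklist, though.
HARDENED_HANDLER_RE = re.compile(r'\bon\w+\s*=', re.IGNORECASE)


def naive_filter_flags(payload: str) -> bool:
    """True if the naive blacklist would reject this input."""
    return bool(NAIVE_HANDLER_RE.search(payload))


def hardened_filter_flags(payload: str) -> bool:
    """True if the whitespace-tolerant blacklist would reject this input."""
    return bool(HARDENED_HANDLER_RE.search(payload))


def escape_for_html(value: str) -> str:
    """Output encoding instead of pattern matching: the value can no longer
    close a tag or attribute, so the spacing trick is irrelevant."""
    return html.escape(value, quote=True)


# Constructed sample inputs (assumptions for this example, not from the post).
SAMPLES = {
    "no_space": '<img src=x onerror=alert(1)>',
    "space_before_equals": '<img src=x onerror =alert(1)>',
    "tab_before_equals": '<img src=x onerror\t=alert(1)>',
    "benign": '<a href="/page">link</a>',
}


def compare_filters() -> dict:
    """Map each sample to (naive_flags, hardened_flags)."""
    return {name: (naive_filter_flags(p), hardened_filter_flags(p))
            for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive, hardened) in compare_filters().items():
        print(f"{name:22s} naive={naive!s:5s} hardened={hardened}")
    print(escape_for_html(SAMPLES["space_before_equals"]))
```

The comparison shows the naive pattern passing the spaced variants straight through while the whitespace-tolerant one catches them; the takeaway matches the post's last sentence, which is why the block ends with `escape_for_html`: encoding untrusted data on output does not depend on guessing every spelling an attribute can take.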

WhiteHatSec paper on XSS worms and propagation

Thursday, January 1st, 1970

Jeremiah Grossman from WhiteHatSec just published an interesting paper on XSS worms that’s worth a read. I got a sneak peek of it a few weeks back, and it’s definitely worth your time if you are interested in things like the MySpace worm.

Google can find XSS for you

Thursday, January 1st, 1970

thegooglecache.com has a brief but interesting article on finding XSS exploits that are in URLs. Honestly this is a pretty weak way to perform this type of auditing, but it may point to bigger issues if search engines ever start indexing JavaScript, for instance. Wouldn’t it be easier to search for DOM-based reflected XSS in one request versus thousands?