Security? How to?

Hello!
There are textarea elements in my pages and they allow HTML code. I know this is not secure. What can I do for a more secure page? What can I control before adding the records to the db?
Thanks....

Comments

  • windwardwindward Member Posts: 3
    : Hello!
    : There are textarea elements in my pages and they allow HTML code. I know this is not secure. What can I do for a more secure page? What can I control before adding the records to the db?
    : Thanks....
    :

    Why do you say it's not secure? Are you afraid users will enter in, say, iFrame elements using HTML?
  • ieriieri Member Posts: 22

    : Why do you say it's not secure? Are you afraid users will enter in, say, iFrame elements using HTML?
    :
    Maybe!
    Users can enter JavaScript functions, for example. I know that the default users won't do this, but I can't be sure who will use this site.
    Once I read in an e-book that 'hackers' can redirect you to another site by adding a small JavaScript function to a text element that is sent to the db.
  • windwardwindward Member Posts: 3
    :
    : : Why do you say it's not secure? Are you afraid users will enter in, say, iFrame elements using HTML?
    : :
    : Maybe!
    : Users can enter JavaScript functions, for example. I know that the default users won't do this, but I can't be sure who will use this site.
    : Once I read in an e-book that 'hackers' can redirect you to another site by adding a small JavaScript function to a text element that is sent to the db.
    :
    I assume you're making it so users can enter some information, then submit, then you save it to a database. Before saving it to the database, grab the contents of what they entered (either a Request.Form or possibly the variable you set the form information to) and perform a set of replacement functions, for instance:

    ' Classic ASP (VBScript): read the textarea value from the posted form
    formVariable = Request.Form("textboxname")

    ' Turn the angle brackets into their HTML character codes
    formVariable = Replace(formVariable, "<", "&lt;")
    formVariable = Replace(formVariable, ">", "&gt;")

    This turns the < and > (greater than and less than) characters of the tags into the codes &lt; and &gt;, so that when the records are pulled and rendered on the page they actually display the tags rather than being interpreted as HTML tags.

    Special Characters
    http://webmonkey.wired.com/webmonkey/reference/special_characters/
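    The replacement idea above, carried through as a complete HTML-escaping routine. This is an added example and not code from the thread or from any poster; it is written in JavaScript rather than the VBScript of the answer, the function names (escapeHtml, escapeAnglesOnly, renderComment, containsRawTag) are this example's own, and the sample inputs are constructed. It goes one step beyond the answer: besides < and >, it also escapes &, " and ', because text that lands inside an attribute value can break out through a quote without ever using an angle bracket, and & must be handled first so already-encoded text is not double-encoded.

```javascript
// Added example (not from the thread): escape untrusted text before it is
// rendered as HTML, extending the Replace("<", "&lt;") idea from the answer
// above to every character that has meaning in HTML text or attribute context.

const HTML_ESCAPES = {
  "&": "&amp;",   // handled in the same pass as the others, so no double-encoding
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Full escaping: safe for element text and for double- or single-quoted attributes.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The answer's minimal version (only < and >), kept here to show what it misses.
function escapeAnglesOnly(input) {
  return String(input).replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Build the fragment a page would render for a stored record. Both the
// attribute value and the element text go through escapeHtml.
function renderComment(author, body) {
  return `<div class="comment" data-author="${escapeHtml(author)}">${escapeHtml(body)}</div>`;
}

// Detection helper: does a rendered fragment still contain a raw tag opener?
// Used here to check the escaping result, not to validate user input.
function containsRawTag(html) {
  return /<\/?[a-z!]/i.test(html);
}

// Constructed sample inputs: the kind of thing a user might type into the textarea.
const SAMPLES = [
  "Tom & Jerry <3",
  '<iframe src="http://example.invalid/"></iframe>',
  "<script>alert(1)</script>",
  'say "hi"',
];

for (const s of SAMPLES) {
  console.log("angles only :", escapeAnglesOnly(s));
  console.log("full escape :", escapeHtml(s));
  console.log("rendered    :", renderComment("guest", s));
}
```

    Two design notes. First, escaping only < and > leaves quotes untouched, so the same stored text is safe inside a <div> but not inside a data-author="..." attribute; escaping the full set makes one routine usable in both places. Second, whether you escape before the INSERT (as the answer suggests) or at render time, be consistent: doing it in both places double-encodes the text (the user sees &amp;lt; on the page), and doing it in neither is the original problem.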
