Security? How to?

Hello!
There are textarea elements in my pages and they allow HTML code. I know this is not secure. What can I do for a more secure page? What can I control before adding the records to the db?
Thanks....

Comments

  • : Hello!
    : There are textarea elements in my pages and they allow HTML code. I know this is not secure. What can I do for a more secure page? What can I control before adding the records to the db?
    : Thanks....
    :
    :

    Why do you say it's not secure? Are you afraid users will enter in say iFrame elements using HTML?

  • : Why do you say it's not secure? Are you afraid users will enter in say iFrame elements using HTML?
    :
    Maybe!
    Users can enter JavaScript functions, for example. I know that the default users won't do this but I can't be sure who will use this site.
    Once I read in an e-book that 'hackers' can redirect you to another site by adding a small JavaScript function to a text element that is sent to the db.
  • :
    : : Why do you say it's not secure? Are you afraid users will enter in say iFrame elements using HTML?
    : :
    : Maybe!
    : Users can enter JavaScript functions, for example. I know that the default users won't do this but I can't be sure who will use this site.
    : Once I read in an e-book that 'hackers' can redirect you to another site by adding a small JavaScript function to a text element that is sent to the db.
    :
    I assume you're making it so users can enter some information, then submit, then you save it to a database. Before saving it to the database, grab the contents of what they entered (either a request.form or possibly the variable you set the form information to) and perform a set of replacement functions, for instance:

    formVariable = request.form("textboxname")

    formVariable = replace(formVariable, "<", "&lt;")
    formVariable = replace(formVariable, ">", "&gt;")

    (greater than and less than) tags into code equals &lt; and &gt; that way when they are pulled and rendered on the page they actually display the tags rather than interpret them as HTML tags.

    Special Characters
    http://webmonkey.wired.com/webmonkey/reference/special_characters/
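
As an added example (not code from the thread), the sketch below compares the two-replacement approach from the answer above with an encoder that also covers `&` and both quote characters. It goes beyond the case in the thread by handling values placed inside HTML attributes. The function names `HtmlEncode` and `AngleOnly` and the sample inputs are assumptions made for illustration, and it is written for Windows Script Host (`cscript`) so it needs no ASP `Server` object.

```vbscript
Option Explicit

' Encode the five characters that are significant in HTML text and attribute values.
Function HtmlEncode(ByVal s)
    If IsNull(s) Then s = ""
    s = CStr(s)
    s = Replace(s, "&", "&amp;")    ' first, or the entities added below get double-encoded
    s = Replace(s, "<", "&lt;")
    s = Replace(s, ">", "&gt;")
    s = Replace(s, """", "&quot;")  ' keeps a value from closing a "..." attribute
    s = Replace(s, "'", "&#39;")    ' same for '...' attributes
    HtmlEncode = s
End Function

' The two-replacement version described in the thread, kept for comparison.
Function AngleOnly(ByVal s)
    AngleOnly = Replace(Replace(CStr(s), "<", "&lt;"), ">", "&gt;")
End Function

Dim samples, i
' Constructed sample inputs (hypothetical, not taken from the thread).
samples = Array( _
    "<script>location='http://example.invalid/'</script>", _
    "x"" title=""injected", _
    "Tom & Jerry &lt;3", _
    "plain text")

For i = 0 To UBound(samples)
    WScript.Echo "input     : " & samples(i)
    WScript.Echo "angle only: " & AngleOnly(samples(i))
    WScript.Echo "all five  : " & HtmlEncode(samples(i))
    WScript.Echo ""
Next
```

In the second sample the angle-only output still contains raw double quotes, which matters when the stored value is later written into an attribute such as `value="..."`. Classic ASP also provides the built-in `Server.HTMLEncode`, which can be called at the point where the stored text is written into the page.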
