Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

•Re: Re: Preventing Cross-site Scripting Attacks

by merlyn (Sage)
on Feb 23, 2002 at 01:56 UTC ( #147021=note: print w/ replies, xml ) Need Help??


in reply to Re: Preventing Cross-site Scripting Attacks
in thread Preventing Cross-site Scripting Attacks

I was pointing out the dangers of user-permitted HTML markup many years ago when I talked about how I was including Barney the Dinosaur into guestbooks on my home page.

I don't think there's a completely secure solution. tilly wrote a fairly nice strongbox solution that permits very carefully a subset of HTML, but it's more in the "only permitted things allowed" realm than the "look for bad things and prevent them" realm. Given the risk, I'd say this is the right approach.

-- Randal L. Schwartz, Perl hacker


update: Thanks to mdillon for the link for tilly's node.


Comment on •Re: Re: Preventing Cross-site Scripting Attacks
Re: Re: Re: Preventing Cross-site Scripting Attacks
by mdillon (Priest) on Feb 23, 2002 at 02:13 UTC

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://147021]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (15)
As of 2015-07-03 07:20 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (48 votes), past polls