View Full Version : homepage security
sabret00the
05-16-2004, 09:09 PM
in calling the homepage as $userinfo[homepage] is their any security risks if i just have
<a href="$userinfo[homepage]">$userinfo[homepage]</a>
filburt1
05-16-2004, 09:21 PM
in calling the homepage as $userinfo[homepage] is their any security risks if i just have
<a href="$userinfo[homepage]">$userinfo[homepage]</a>
I believe that quotes are stripped from the URL so it should be fine. As a test, change your profile home page to (including the quotes):
" onMouseOver="alert('foo')
Then move your mouse over the resulting link and see if you get a Javascript alert.
edit: Also try this important test:
javascript:alert('foo')
...and click the link and see what happens.
sabret00the
05-16-2004, 09:44 PM
thanks, wouldn't let me insert either into the database :D#
thanks for helping me, i really appreciate that.
vBulletin® v3.8.12 by vBS, Copyright ©2000-2024, vBulletin Solutions Inc.