PDA

View Full Version : homepage security


sabret00the
05-16-2004, 09:09 PM
in calling the homepage as $userinfo[homepage] is their any security risks if i just have
<a href="$userinfo[homepage]">$userinfo[homepage]</a>

filburt1
05-16-2004, 09:21 PM
in calling the homepage as $userinfo[homepage] is their any security risks if i just have
<a href="$userinfo[homepage]">$userinfo[homepage]</a>
I believe that quotes are stripped from the URL so it should be fine. As a test, change your profile home page to (including the quotes):

" onMouseOver="alert('foo')
Then move your mouse over the resulting link and see if you get a Javascript alert.

edit: Also try this important test:

javascript:alert('foo')

...and click the link and see what happens.

sabret00the
05-16-2004, 09:44 PM
thanks, wouldn't let me insert either into the database :D#

thanks for helping me, i really appreciate that.