vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Community Lounge (https://vborg.vbsupport.ru/forumdisplay.php?f=13)
-   -   Javascript Injection (https://vborg.vbsupport.ru/showthread.php?t=81602)

Dean C 05-17-2005 02:18 PM

As another safety precaution you should probably strip on.* attributes :)

Edit: Ah I see you already have ;)

Zero Tolerance 05-17-2005 09:14 PM

Quote:

Originally Posted by filburt1
It looks effective at first glance, but it makes assumptions on HTML that could change at any time.

The HTML will be submitted by users, think of it as posts, but on submit it will check if any elements of JS injection are found, and if so it will stop and warn them about it, telling them to remove it.

So they have to bypass this security before they can proceed to save the data.

- Zero Tolerance

filburt1 05-17-2005 10:23 PM

My point is the HTML spec changes constantly, and additional methods for inserting scripting may become available.

Zero Tolerance 05-17-2005 11:30 PM

Quote:

Originally Posted by filburt1
My point is the HTML spec changes constantly, and additional methods for inserting scripting may become available.

Ah, true, I know I won't be able to rule out every possible way, but if I can rule out a lot of the ways that are mostly known, then it will be more secure.

- Zero Tolerance
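Added example, not code from this thread or from Zero Tolerance's checker: an allow-list sanitizer in Python that addresses filburt1's objection by keeping only known tags and attributes, so every on* handler and any scripting vector the HTML spec adds later is dropped by default instead of having to be enumerated. The allowed tags, attributes and URL schemes are assumptions chosen for illustration, and the sample post is constructed.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allow-list for a post body: anything not listed is dropped, so an
# on* handler or a scripting vector added to HTML later needs no blacklist entry.
ALLOWED_TAGS = {"b", "i", "u", "p", "br", "a", "img"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}
SAFE_SCHEMES = ("http://", "https://")
VOID_TAGS = {"br", "img"}
SKIP_CONTENT = {"script", "style"}  # text inside these is never shown

class AllowListSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.dropped, self.skip_depth = [], [], 0
    def handle_starttag(self, tag, attrs):  # names arrive lowercased
        if tag in SKIP_CONTENT:
            self.skip_depth += 1
        if tag not in ALLOWED_TAGS:
            self.dropped.append(f"tag:{tag}")
            return
        kept = []
        for name, value in attrs:
            value = (value or "").strip()
            if name not in ALLOWED_ATTRS.get(tag, set()):
                self.dropped.append(f"attr:{tag}.{name}")  # covers every on*
            elif name in ("href", "src") and not value.lower().startswith(SAFE_SCHEMES):
                self.dropped.append(f"url:{tag}.{name}")
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
    def handle_endtag(self, tag):
        if tag in SKIP_CONTENT and self.skip_depth:
            self.skip_depth -= 1
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

def sanitize(html_in):
    """Return (clean_html, dropped) so the poster can be told what to remove."""
    p = AllowListSanitizer()
    p.feed(html_in)
    p.close()
    return "".join(p.out), p.dropped

# Constructed sample post (not from the thread) mixing allowed and disallowed markup.
SAMPLE_POST = ('<b onclick="x()">hi</b><a href="javascript:f()">link</a>'
               '<script>alert(1)</script><img src="https://example.com/a.png" alt="pic">')
```

The `dropped` list is what the checker would show the user as the reason the post was refused, while `clean_html` is what a default-deny filter would store.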


