Home »
FUDforum »
FUDforum Suggestions »
Avatars and URL control
Avatars and URL control [message #35857] |
Sat, 17 February 2007 17:07 ![Go to next message Go to next message](/forum/theme/default/images/down.png) |
Marticus
![United States United States](/forum/images/flags/us.png) Messages: 272 Registered: June 2002
Karma: 1
|
Senior Member |
|
|
Hey! Long time no post. I have a new question regarding the security of a new site I am building. How difficult would it be to add an option to allow URL avatars while prohibiting URLs from outside the domain? I have two sub domains, the forums on one, and an avatar generator on another. The rest is self explanitory. Thanks!
Marticus
|
|
|
|
|
Re: Avatars and URL control [message #35868 is a reply to message #35861] |
Sun, 18 February 2007 16:58 ![Go to previous message Go to previous message](/forum/theme/default/images/up.png) |
Ilia
![Canada Canada](/forum/images/flags/ca.png) Messages: 13241 Registered: January 2002
Karma: 0
|
Senior Member Administrator Core Developer |
|
|
There is possibility of someone injecting XSS onto a trusted domain allowing them to then inject JS code via avatars into forum page potentially leading to session take over.
FUDforum Core Developer
|
|
|
Goto Forum:
Current Time: Mon Feb 17 21:55:44 GMT 2025
Total time taken to generate the page: 0.04113 seconds