Avatars and URL control [message #35857]
Sat, 17 February 2007 17:07
Marticus
Hey! Long time no post. I have a new question regarding the security of a new site I am building. How difficult would it be to add an option to allow URL avatars while prohibiting URLs from outside the domain? I have two subdomains, the forums on one, and an avatar generator on another. The rest is self-explanatory. Thanks!
Marticus
Re: Avatars and URL control [message #35860 is a reply to message #35857]
Sat, 17 February 2007 18:23
Ilia
It leaves too much room for holes IMO. There are no plans to add such functionality into the stock FUDforum.
FUDforum Core Developer
Re: Avatars and URL control [message #35868 is a reply to message #35861]
Sun, 18 February 2007 16:58
Ilia
There is a possibility of someone injecting XSS onto a trusted domain, allowing them to then inject JS code via avatars into the forum page, potentially leading to session takeover.
FUDforum Core Developer
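
An added example, not part of the thread and not FUDforum code: one way to restrict avatar URLs to a single trusted subdomain, written as a stand-alone PHP check. The host name `avatars.example.org`, the constant `AVATAR_HOSTS` and the function `avatar_url_allowed()` are hypothetical. It validates only the shape of the URL; it does nothing about what the trusted host actually serves, which is the risk raised in the reply above.

```php
<?php
// Added example (not FUDforum code). Host name is a constructed placeholder.
const AVATAR_HOSTS = ['avatars.example.org']; // assumed avatar-generator subdomain

function avatar_url_allowed(string $url): bool
{
    // Reject empty/oversized input and any control character, whitespace,
    // quote, angle bracket or backslash before parsing.
    if ($url === '' || strlen($url) > 255
        || preg_match('/[\x00-\x20\x7f"\'<>\\\\]/', $url)) {
        return false;
    }
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'], $p['path'])) {
        return false; // relative, scheme-less or host-less URLs are refused
    }
    // https only: refuses javascript:, data: and plain http.
    if (strtolower($p['scheme']) !== 'https') {
        return false;
    }
    // No userinfo (user@host tricks), port, query string or fragment.
    foreach (['user', 'pass', 'port', 'query', 'fragment'] as $part) {
        if (isset($p[$part])) {
            return false;
        }
    }
    // Exact host match, never a suffix or substring comparison.
    if (!in_array(strtolower($p['host']), AVATAR_HOSTS, true)) {
        return false;
    }
    // Path must name a static image file; no dots or percent-escapes in directories.
    return preg_match(
        '#^/(?:[A-Za-z0-9_-]+/)*[A-Za-z0-9_-]+\.(?:png|gif|jpe?g)$#',
        $p['path']
    ) === 1;
}

// Constructed sample inputs.
$samples = [
    'https://avatars.example.org/u/42.png',
    'https://avatars.example.org.evil.test/u/42.png',
    'https://avatars.example.org@evil.test/u/42.png',
    'https://avatars.example.org/gen.php?id=42',
    'javascript:alert(1)',
];
foreach ($samples as $s) {
    // An accepted URL still needs htmlspecialchars() when written into the page.
    printf("%-50s %s\n", $s, avatar_url_allowed($s) ? 'allowed' : 'rejected');
}
```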