FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » How To » HTML and Javascript -- Dangers
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: HTML and Javascript -- Dangers [message #163919 is a reply to message #163911] Sat, 11 December 2010 19:27 Go to previous message
Ernesto is currently offline  Ernesto   Sweden
Messages: 413
Registered: August 2005
Karma:
Senior Member
XSS cross site scripting.

No, moderating the forum would not eliminate the problem, then the moderator would be volnurable when previewing the message.

HTML enabled forums is a huge huge nono unless only site managers, etc, are allowed to post to it.

You must never allow end-users to supply HTML code unless you have a rock solid bullet proof parser that removes bad or dangerous HTML code.


[Message index]
 
Read Message
Read Message
Read Message
Previous Topic: Downloading all posts in these forums ?
Next Topic: Problem attaching files in FUDForum 2.8.1
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 18:22:00 GMT 2024

Total time taken to generate the page: 0.03955 seconds