RE: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;)
This WebDNA talk-list message is from 2009
It keeps the original formatting.
numero = 102713
I use this PHP library and like it:
http://htmlpurifier.org/

I guess if you needed to use this on a webdna site you could build a webservice layer to send text for cleaning to it. If anyone is interested, I'm happy to help build a bridge.

-----Original Message-----
From: Frank Nordberg [mailto:frnordbe@online.no]
Sent: Monday, June 15, 2009 8:44 AM
To: talk@webdna.us
Subject: Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;)

Palle Bo Nielsen wrote:
> Hi all,
>
> How do you protect yourself from bad code submitted to a form field.
>
> How do you make sure that e.g. HTML can be made visible with the right
> syntax but not executable when submitted from a form field?

I think the standard solution for webforum scripts regardless of programming language is to strip *all* html from the input and then add a set of custom codes for html tags that are allowed. This is easily done in WebDNA using [RemoveHTML] and [ConvertWords]. You can of course use the same procedure to filter out non-acceptable WebDNA tags from the input.

Frank Nordberg
http://www.musicaviva.com

---------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
archives: http://mail.webdna.us/list/talk@webdna.us
old archives: http://dev.webdna.us/TalkListArchive/
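The neutralise-then-allowlist approach described in the message above, as an added Python example (not code from the thread, and not WebDNA). It escapes the input instead of stripping it, so submitted HTML stays visible as text as the original question asks; the custom codes `[b]`, `[i]`, `[code]`, `[url=...]` and all function names are assumptions.

```python
import html
import re
from urllib.parse import urlsplit

# Hypothetical custom codes -> the only HTML tags that may ever be emitted.
SIMPLE_CODES = {"b": "strong", "i": "em", "code": "code"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}

_PAIR_RE = re.compile(r"\[(b|i|code)\](.*?)\[/\1\]", re.I | re.S)
_URL_RE = re.compile(r"\[url=([^\]\s]+)\](.+?)\[/url\]", re.I | re.S)


def _link(match):
    # The text is already escaped; unescape only to inspect the scheme.
    target = html.unescape(match.group(1))
    try:
        scheme = urlsplit(target).scheme.lower()
    except ValueError:  # e.g. malformed IPv6 literal
        scheme = ""
    if scheme not in ALLOWED_SCHEMES:
        return match.group(0)  # leave the code in place as inert text
    href = html.escape(target, quote=True)
    return f'<a href="{href}" rel="nofollow noopener">{match.group(2)}</a>'


def _pair(match):
    tag = SIMPLE_CODES[match.group(1).lower()]  # tag name from our table only
    return f"<{tag}>{match.group(2)}</{tag}>"


def render_post(raw: str) -> str:
    """Return HTML that is safe to place inside element content."""
    # Step 1: neutralise every tag, quote and entity the user typed.
    text = html.escape(raw, quote=True)
    # Step 2: expand allowlisted codes. Only balanced pairs are converted,
    # so every tag this function opens is also closed by it.
    text = _URL_RE.sub(_link, text)
    previous = None
    while previous != text:  # repeat to pick up nested codes
        previous = text
        text = _PAIR_RE.sub(_pair, text)
    return text


if __name__ == "__main__":
    # Constructed sample input.
    print(render_post('[b]<img src=x onerror=alert(1)>[/b] [url=https://example.com]ok[/url]'))
```

The output is meant for element content only; placing it inside an attribute, a script block or a style block needs different encoding.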
Associated Messages, from the most recent to the oldest:
"Olin Lagon"