RE: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;)

This WebDNA talk-list message is from

2009


It keeps the original formatting.
I use this PHP library and like it: http://htmlpurifier.org/

I guess if you needed to use this on a webdna site you could build a webservice layer to send text for cleaning to it. If anyone is interested, I'm happy to help build a bridge.

-----Original Message-----
From: Frank Nordberg [mailto:frnordbe@online.no]
Sent: Monday, June 15, 2009 8:44 AM
To: talk@webdna.us
Subject: Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;)

Palle Bo Nielsen wrote:
> Hi all,
>
> How do you protect yourself from bad code submitted to a form field?
>
> How do you make sure that e.g. HTML can be made visible with the right
> syntax but not executable when submitted from a form field?

I think the standard solution for webforum scripts regardless of programming language is to strip *all* html from the input and then add a set of custom codes for html tags that are allowed.

This is easily done in WebDNA using [RemoveHTML] and [ConvertWords]. You can of course use the same procedure to filter out non-acceptable WebDNA tags from the input.

Frank Nordberg
http://www.musicaviva.com

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  2. RE: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) ("Olin Lagon" 2009)
  3. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Brian Fries 2009)
"Olin Lagon"
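The strip-everything-then-allow-custom-codes approach described in the thread, sketched in Python as an added example (not code from the list or from WebDNA). The function names and the set of allowed codes are assumptions, and the escaping step after stripping is an addition the thread does not mention: it keeps entity-encoded markup visible as text instead of letting it turn back into live tags.

```python
import html
import re
from html.parser import HTMLParser

# Assumed allow-list: custom code typed by the user -> the only HTML tag it may become.
ALLOWED_CODES = {"b": "strong", "i": "em", "quote": "blockquote"}
_CODE = re.compile(r"\[(%s)\](.*?)\[/\1\]" % "|".join(ALLOWED_CODES), re.S)


class _TextOnly(HTMLParser):
    """Keeps character data only; every tag, comment and declaration is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self.skip = 0  # depth inside <script>/<style>, whose content is dropped too

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1

    def handle_data(self, data):
        if not self.skip:
            self.parts.append(data)


def convert_codes(text):
    """Turn balanced [code]...[/code] pairs into their allowed tag; repeat for nesting."""
    prev = None
    while prev != text:
        prev = text
        text = _CODE.sub(
            lambda m: "<{0}>{1}</{0}>".format(ALLOWED_CODES[m.group(1)], m.group(2)),
            text,
        )
    return text


def render_user_text(raw):
    parser = _TextOnly()
    parser.feed(raw)
    parser.close()                       # flush any buffered trailing text
    stripped = "".join(parser.parts)     # step 1: remove all submitted HTML
    safe = html.escape(stripped)         # step 2: leftovers are displayed, never parsed
    return convert_codes(safe)           # step 3: only allow-listed codes become tags
```

Unbalanced codes such as a lone `[b]` are left as literal text, so the output never contains an unclosed tag produced by the converter.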
