Re: CERT Advisory on malicious scripts

This WebDNA talk-list message is from 2000. It keeps the original formatting.
numero = 27093
interpreted = N
texte =

>>> The simplest method to prevent this problem is to strip the < character from
>>> your form values using a special db with convertchars to convert it to
>>> nothing. This effectively prevents people from creating HTML tags.
>
>> I also found that if you enclose the suspect value in
>> tags in the displaying page, the HTML tags will just be listed, but not interpreted.

This may work for some tags -- on some browsers -- but Netscape definitely interprets font tags instead of displaying them, so it probably interprets other html tags as well. I would not rely on this technique unless you test it first on ALL browsers ...

================================
Kenneth Grome, WebDNA Consultant
808-737-6499, http://webdna.net
================================
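
An added example, not part of the original message or of WebDNA: a Python comparison of the two approaches discussed in the thread (stripping `<`, wrapping the value in a container tag) against HTML output encoding, using the standard library's HTML tokenizer to report which tags survive as markup. The `pre` container is a stand-in assumption, since the tag named in the quoted message did not survive on this page, and the sample form values are constructed.

```python
import html
from html.parser import HTMLParser

class TagCounter(HTMLParser):
    """Collects the element names an HTML tokenizer treats as real markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
    def handle_data(self, data):
        self.text.append(data)

def strip_lt(value):
    """Approach 1 from the thread: delete every '<' from the form value."""
    return value.replace("<", "")

def wrap(value, container="pre"):
    """Approach 2: wrap the raw value in a container element.
    'pre' is an assumed stand-in; the page does not show the tag name."""
    return f"<{container}>{value}</{container}>"

def encode(value):
    """Output encoding: &, <, >, " and ' become character references."""
    return html.escape(value, quote=True)

def parsed(fragment):
    """Return (tags seen as markup, text a reader would see) for a fragment."""
    p = TagCounter()
    p.feed(fragment)
    p.close()
    return p.tags, "".join(p.text)

# Constructed sample form values: one with font tags, one with a legitimate '<'.
SAMPLES = ['<font color="red">hi</font>', "stock < 10 & price > 2"]

def compare(value):
    """Run all three treatments on one value and report what the parser sees."""
    return {name: parsed(fn(value)) for name, fn in
            (("strip_lt", strip_lt), ("wrap", wrap), ("encode", encode))}

if __name__ == "__main__":
    for s in SAMPLES:
        for name, (tags, text) in compare(s).items():
            print(f"{name:8} tags={tags} text={text!r}")
```

Wrapping leaves the `font` tag as live markup, stripping `<` alters legitimate values, and encoding displays the value exactly as typed with no tags interpreted.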





Associated Messages, from the most recent to the oldest:

    
  1. Re: CERT Advisory on malicious scripts (Kenneth Grome 2000)
  2. Re: CERT Advisory on malicious scripts (Miguel Castaneda 2000)
  3. Re: CERT Advisory on malicious scripts (Kenneth Grome 2000)
  4. Re: CERT Advisory on malicious scripts (John Butler 2000)
  5. Re: CERT Advisory on malicious scripts (Joseph D'Andrea 2000)
  6. Re: CERT Advisory on malicious scripts (Kenneth Grome 2000)
  7. Re: CERT Advisory on malicious scripts (Joseph D'Andrea 2000)
  8. Re: CERT Advisory on malicious scripts (The Mooseman 2000)
  9. Re: CERT Advisory on malicious scripts (Alex McCombie 2000)
  10. Re: CERT Advisory on malicious scripts (Kenneth Grome 2000)
  11. CERT Advisory on malicious scripts (Joseph D'Andrea 2000)



Kenneth Grome 
