Re: Preventing code execution

This WebDNA talk-list message is from 2003. It keeps the original formatting.
numero = 48500
interpreted = N
>At 8:09 AM +1300 3/7/03, Alain Russell wrote:
>>Well then ..
>
>No... I think he wants to include html code that will get displayed
>but not executed. In other words he wants the browser to display
>
>not interpret it.
>
>So for the webdna stuff, he has to wrap it in [raw] context.

This is incorrect!

It is impossible for the webdna software to execute webdna code that's stored in a db field *unless* you wrap the appropriate db field tag in an [interpret] context.

The use of a [raw] context is not necessary at all in this situation, regardless of what three other people have claimed in their responses. All three of them are dead wrong.

If your webdna installation is interpreting webdna code that has been retrieved from a db field that is NOT inside an interpret context, your security is seriously compromised -- and more importantly, the software has major problems that need immediate attention of SMSI.

But it seems that your only issue is whether or not HTML code is displayed, right? If this is correct, just wrap the db field tag in a convertchars context. The standardconversions.db that functions as the default db for the convertchars context will take care of this problem for you automatically.

Sincerely,
Kenneth Grome

---------------------------------------------------
WebDNA Professional Training and Development Center
Cebu City, Philippines
+63 (32) 255-6921
Wholesale WebDNA programming for only $20 per hour!
---------------------------------------------------

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Preventing code execution (Larry Goodhew 2003)
  2. Re: Preventing code execution (Donovan 2003)
  3. Re: Preventing code execution (John Hill 2003)
  4. Re: Preventing code execution (Gary Krockover 2003)
  5. Re: Preventing code execution (Donovan 2003)
  6. Re: Preventing code execution (Rob 2003)
  7. Re: Preventing code execution (Donovan home EHG 2003)
  8. Re: Preventing code execution (Rob 2003)
  9. Re: Preventing code execution (Joe D'Andrea 2003)
  10. Re: Preventing code execution (Kenneth Grome 2003)
  11. Re: Preventing code execution (Gary Krockover 2003)
  12. Re: Preventing code execution (Rob 2003)
  13. Re: Preventing code execution (Kenneth Grome 2003)
  14. Re: Preventing code execution (Rob 2003)
  15. Re: Preventing code execution (Stuart Tremain 2003)
  16. Re: Preventing code execution (Joe D'Andrea 2003)
  17. Re: Preventing code execution (John Hill 2003)
  18. Re: Preventing code execution (Alain Russell 2003)
  19. Re: Preventing code execution (Jay Van Vark 2003)
  20. Re: Preventing code execution (Craig Forest 2003)
  21. Re: Preventing code execution (Jay Van Vark 2003)
  22. Preventing code execution (Craig Forest 2003)
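The behaviour described in the message above, as an added example: a simplified Python model written for this page, not WebDNA code and not part of the original post. Field values are inserted as data after template code has run, so stored code only executes inside an interpret context, while a convertchars context entity-encodes stored HTML. The `comment` field, the single `[math]a*b[/math]` tag and the use of `html.escape` in place of standardconversions.db are assumptions of the model.

```python
import html
import re

# Constructed sample record: a db field holding visitor-supplied text that
# contains both HTML and template code.
RECORD = {"comment": "<b>hi</b> [math]6*7[/math]"}

CONTEXT = re.compile(r"\[(interpret|convertchars)\](.*?)\[/\1\]", re.S)
MATH = re.compile(r"\[math\](\d+)\*(\d+)\[/math\]")  # the only "code" the model runs
FIELD = re.compile(r"\[(\w+)\]")

def evaluate(text):
    """Execute template code found in text."""
    return MATH.sub(lambda m: str(int(m.group(1)) * int(m.group(2))), text)

def fill(text, record):
    """Substitute [fieldname] tags with stored values; other tags are left alone."""
    return FIELD.sub(lambda m: record.get(m.group(1), m.group(0)), text)

def plain(text, record):
    # Template code runs first; field values are inserted afterwards as data
    # and are never parsed again.
    return fill(evaluate(text), record)

def render(template, record):
    out, pos = [], 0
    for m in CONTEXT.finditer(template):
        out.append(plain(template[pos:m.start()], record))
        value = plain(m.group(2), record)
        if m.group(1) == "interpret":
            out.append(evaluate(value))      # stored text is re-parsed as code
        else:
            out.append(html.escape(value))   # stored HTML becomes visible text
        pos = m.end()
    out.append(plain(template[pos:], record))
    return "".join(out)

if __name__ == "__main__":
    for t in ("[comment]", "[interpret][comment][/interpret]",
              "[convertchars][comment][/convertchars]"):
        print(f"{t!r:45} -> {render(t, RECORD)!r}")
```
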
