Re: Preventing code execution
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 48500
interpreted = N
texte = >At 8:09 AM +1300 3/7/03, Alain Russell wrote:>>Well then ..>>No... I think he wants to include html code that will get displayed >but not executed. In other words he wants the browser to display >
not interpret it.>>So for the webdna stuff, he has to wrap it in [raw] context.This is incorrect!It is impossible for the webdna software to execute webdna code that's stored in a db field *unless* you wrap the appropriate db field tag in an [interpret] context.The use of a [raw] context is not necessary at all in this situation, regardless of what three other people have claimed in their responses. All three of them are dead wrong.If your webdna installation is interpreting webdna code that has been retrieved from a db field that is NOT inside an interpret context, your security is seriously compromised -- and more importantly, the software has major problems that need immediate attention of SMSI.But it seems that your only issue is whether or not HTML code is displayed, right? If this is correct, just wrap the db field tag in a convertchars context. The standardconversions.db that functions as the default db for the convertchars context will take care of this problem for you automatically.Sincerely,Kenneth Grome---------------------------------------------------WebDNA Professional Training and Development CenterCebu City, Philippines +63 (32) 255-6921Wholesale WebDNA programming for only $20 per hour!----------------------------------------------------------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
>At 8:09 AM +1300 3/7/03, Alain Russell wrote:>>Well then ..>>No... I think he wants to include html code that will get displayed >but not executed. In other words he wants the browser to display > not interpret it.>>So for the webdna stuff, he has to wrap it in [raw] context.This is incorrect!It is impossible for the webdna software to execute webdna code that's stored in a db field *unless* you wrap the appropriate db field tag in an [interpret] context.The use of a [raw] context is not necessary at all in this situation, regardless of what three other people have claimed in their responses. All three of them are dead wrong.If your webdna installation is interpreting webdna code that has been retrieved from a db field that is NOT inside an interpret context, your security is seriously compromised -- and more importantly, the software has major problems that need immediate attention of SMSI.But it seems that your only issue is whether or not HTML code is displayed, right? If this is correct, just wrap the db field tag in a convertchars context. The standardconversions.db that functions as the default db for the convertchars context will take care of this problem for you automatically.Sincerely,Kenneth Grome---------------------------------------------------WebDNA Professional Training and Development CenterCebu City, Philippines +63 (32) 255-6921Wholesale WebDNA programming for only $20 per hour!----------------------------------------------------------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Kenneth Grome
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
[WebDNA] Mac Question (2018)
search not executing from a post, but works fine with (2004)
Grep, convertwords and BOLDWORDS not playing nice. (2002)
Using Cookie for client specific info? (1997)
Google Web Accelerator (2005)
FORMS: Returning a specific page (1997)
Make sure I understand this??? (1997)
Still Stumped on ShowNext...HELP! (1997)
orderfile location (1999)
PCS Frames (1997)
PROBLEM (1997)
WebDNA Quick Reference (Reserved Words) (2000)
Multiple prices (1997)
2.0Beta Command Ref (can't find this instruction) (1997)
expired beta (1997)
[OT]: BBEdit grep (2003)
Great product and great job ! (1997)
Crash Log Question (2006)
authorize.net CC processing (was WC on Mac OS X or Mac OS (2001)
Pithy questions on webcommerce & siteedit (1997)