Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA

This WebDNA talk-list message is from 2009.


It keeps the original formatting.
Palle Bo Nielsen wrote:
> Hi all,
>
> How do you protect yourself from bad code submitted to a form field?
>
> How do you make sure that e.g. HTML can be made visible with the right
> syntax but not executable when submitted from a form field?

I think the standard solution for web forum scripts regardless of programming language is to strip *all* HTML from the input and then add a set of custom codes for HTML tags that are allowed.

This is easily done in WebDNA using [RemoveHTML] and [ConvertWords].

You can of course use the same procedure to filter out non-acceptable WebDNA tags from the input.

Frank Nordberg
http://www.musicaviva.com

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - (Tom Duke 2009)
  2. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  3. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - (Tom Duke 2009)
  4. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA (Frank Nordberg 2009)
  5. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  6. RE: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) ("Olin Lagon" 2009)
  7. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA (Frank Nordberg 2009)
  8. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Brian Fries 2009)
  9. [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
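
The approach described in the message above (neutralise all submitted HTML, then expand a small set of custom codes into the tags that are allowed), as an added example that is not part of the original thread and is not WebDNA code. It is written in Python, escapes markup instead of removing it so that submitted HTML stays visible as text, and the codes `[b]`, `[i]`, `[quote]` and `[url=...]` and the function names are assumptions chosen for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Assumed custom codes (not from the thread): each maps to one fixed HTML tag.
SIMPLE_CODES = {"b": "strong", "i": "em", "quote": "blockquote"}
ALLOWED_SCHEMES = {"http", "https", "mailto"}
URL_CODE = re.compile(r"\[url=([^\]\s]+)\](.*?)\[/url\]", re.I | re.S)


def _link(match):
    """Expand [url=...]label[/url] only when the URL scheme is on the allow-list."""
    href, label = match.group(1), match.group(2)
    try:
        # href is already escaped; unescape a copy just to inspect the scheme.
        scheme = urlsplit(html.unescape(href)).scheme.lower()
    except ValueError:
        scheme = ""
    if scheme not in ALLOWED_SCHEMES:
        return label  # drop the link, keep the visible text
    return '<a href="{}" rel="nofollow noopener">{}</a>'.format(href, label)


def render_post(raw):
    """Neutralise all submitted markup, then expand the allowed custom codes."""
    # Step 1: escape <, >, &, " and ' so nothing the user typed is parsed as HTML.
    text = html.escape(raw, quote=True)
    # Step 2: links first, while the text still contains no generated tags.
    text = URL_CODE.sub(_link, text)
    # Step 3: paired codes only; an unmatched [b] is left as literal text.
    for code, tag in SIMPLE_CODES.items():
        pattern = re.compile(r"\[{0}\](.*?)\[/{0}\]".format(code), re.I | re.S)
        text = pattern.sub(r"<{0}>\1</{0}>".format(tag), text)
    return text.replace("\n", "<br>\n")


if __name__ == "__main__":
    # Constructed sample submission.
    sample = 'Use <b>bold</b>? No: [b]bold[/b], see [url=https://example.com]docs[/url]'
    print(render_post(sample))
```

The output of `render_post` is meant for insertion into an HTML element body; a value destined for an attribute or a script context needs its own encoding.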
