RE: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;)

This WebDNA talk-list message is from

2009


It keeps the original formatting.
numero = 102713
interpreted = N
texte = I use this PHP library and like it http://htmlpurifier.org/

I guess if you needed to use this on a webdna site you could build a webservice layer to send text for cleaning to it. If anyone is interested, I'm happy to help build a bridge.

-----Original Message-----
From: Frank Nordberg [mailto:frnordbe@online.no]
Sent: Monday, June 15, 2009 8:44 AM
To: talk@webdna.us
Subject: Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;)

Palle Bo Nielsen wrote:
> Hi all,
>
> How do you protect yourself from bad code submitted to a form field.
>
> How do you make sure that e.g. HTML can be made visible with the right
> syntax but not executable when submitted from a form field?

I think the standard solution for webforum scripts regardless of programming language is to strip *all* html from the input and then add a set of custom codes for html tags that are allowed.

This is easily done in WebDNA using [RemoveHTML] and [ConvertWords].

You can of course use the same procedure to filter out non-acceptable WebDNA tags from the input.

Frank Nordberg
http://www.musicaviva.com

---------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
archives: http://mail.webdna.us/list/talk@webdna.us
old archives: http://dev.webdna.us/TalkListArchive/

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  2. RE: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) ("Olin Lagon" 2009)
  3. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Brian Fries 2009)
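The approach Frank Nordberg describes in the message above (neutralise all submitted HTML, then translate a fixed set of custom codes into the tags you allow), as an added example that is not part of the original thread and is not WebDNA code. It is written in Python and escapes markup so that it stays visible as text, where [RemoveHTML] would delete it; the codes `[b]`, `[i]`, `[code]`, `[url=...]` and the name `render_post` are assumptions made for illustration.

```python
import html
import re

# Constructed allowlist of custom codes -> HTML elements (assumed names).
ALLOWED = {"b": "strong", "i": "em", "code": "code"}
PAIR_RE = re.compile(r"\[(b|i|code)\](.*?)\[/\1\]", re.I | re.S)
URL_RE = re.compile(r"\[url=([^\]\s]+)\](.*?)\[/url\]", re.I | re.S)


def _pair(m):
    # Emit only element names taken from the allowlist, never from the input.
    tag = ALLOWED[m.group(1).lower()]
    return "<{0}>{1}</{0}>".format(tag, m.group(2))


def _link(m):
    url, label = m.group(1), m.group(2)
    # Only plain http(s) targets become links; anything else keeps its text only.
    if not re.match(r"https?://", url, re.I):
        return label
    # url is already HTML-escaped, so a quote in it cannot close the attribute.
    return '<a href="{}" rel="nofollow noopener">{}</a>'.format(url, label)


def render_post(text):
    """Neutralise all submitted markup, then expand the allowlisted codes."""
    out = html.escape(text, quote=True)   # step 1: no submitted tag survives
    out = URL_RE.sub(_link, out)          # step 2a: links with a checked scheme
    while True:                           # step 2b: balanced pairs, nested too
        new = PAIR_RE.sub(_pair, out)
        if new == out:
            return out
        out = new


if __name__ == "__main__":
    # Constructed sample submissions.
    samples = [
        "<script>alert(1)</script>",
        "[b][i]nested[/i][/b] and an unclosed [b]code",
        "[url=http://example.org/?a=1&b=2]site[/url]",
        "[url=javascript:alert(1)]click[/url]",
    ]
    for sample in samples:
        print(render_post(sample))
```

The order matters: escaping runs first, so the only live tags in the output are the ones the two substitution functions emit.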
