Re: [WebDNA] XSS and getting rid of HTML codes
This WebDNA talk-list message is from 2018
It keeps the original formatting.
numero = 114209
interpreted = N
texte = 1812
Check your formvariables for "java" and "script", then redirect somewhere else when they contain one or both:

[text]bad=[formvariables][value][/formvariables][/text]
[if ("[bad]"^"java") | ("[bad]"^"script")]
[then][redirect /index.html][/then]
[/if]

Regards,
Kenneth Grome
WebDNA Solutions
http://www.webdnasolutions.com
Web Database Systems and Linux Server Administration

On 04/29/2018 10:31 AM, Office wrote:
> it seems like while playing with the variables in any HTML I can inject ugly commands to the web pages
> And also people can use the "cart=“ to make injection
> like here:
> http://www.domain.XXX/tmpl.tmpl?cart=15250157251258505
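
Added example, not part of the original thread and not WebDNA code: a Python sketch that puts the substring check from the reply next to two complementary controls, an allow-list for the cart parameter and HTML encoding at output. The digits-only cart format, the case-insensitive match, and all function names and sample values are assumptions.

```python
import html
import re

BLOCKED_WORDS = ("java", "script")    # the two substrings named in the reply
CART_ID = re.compile(r"[0-9]{1,32}")  # assumption: cart ids are digits only, as in the thread's URL


def contains_blocked_word(form):
    """The reply's check: does any form value contain "java" or "script"?"""
    joined = "".join(form.values()).lower()  # assumption: match case-insensitively
    return any(word in joined for word in BLOCKED_WORDS)


def valid_cart(value):
    """Allow-list check: accept the cart parameter only when it is all digits."""
    return CART_ID.fullmatch(value) is not None


def render(value):
    """Encode a value for an HTML text node or a quoted attribute."""
    return html.escape(value, quote=True)


def handle(form):
    """Return ("redirect", path) or ("page", html) for one request."""
    # Assumption: every request to this template carries a cart parameter.
    if contains_blocked_word(form) or not valid_cart(form.get("cart", "")):
        return ("redirect", "/index.html")
    body = "".join(f"<p>{render(k)}: {render(v)}</p>" for k, v in form.items())
    return ("page", body)


if __name__ == "__main__":
    # Constructed sample requests (not taken from the thread).
    samples = [
        {"cart": "15250157251258505"},                          # normal request
        {"cart": "15250157251258505", "note": "<b>hello</b>"},  # markup without either word
        {"cart": '1525"<b>'},                                   # cart value that is not a number
        {"cart": "15250157251258505", "note": "Java edition"},  # harmless text, still redirected
    ]
    for form in samples:
        print(form, "->", handle(form))
```

The second sample passes the word check and is only made inert by the encoding in render(), while the fourth is redirected even though it contains no markup.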