Re: [WebDNA] XSS and getting rid of HTML codes
This WebDNA talk-list message is from 2018
It keeps the original formatting.
numero = 114209
interpreted = N
texte = 1812��Check your formvariables for "java" and "script", then redirect�somewhere else when they contain one or both:��[text]bad=3D[formvariables][value][/formvariables][/text]��[if ("[bad]"^"java") | ("[bad]"^"script")]�[then][redirect /index.html][/then]�[/if]��Regards,�Kenneth Grome�WebDNA Solutions�http://www.webdnasolutions.com�Web Database Systems and Linux Server Administration����On 04/29/2018 10:31 AM, Office wrote:�> it seems like while playing with the variables in any HTML i can inject=� ugly commands to the web pages�> And also people can use the "cart=3D=E2=80=9C to make injection�> like here:�> http://www.domain.XXX/tmpl.tmpl?cart=3D15250157251258505