Re: CERT Advisory on malicious scripts
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 26999
interpreted = N
texte = on 2/3/00 3:23 PM, Kenneth Grome at ken@simplewebstores.com wrote:

> The simplest method to prevent this problem is to strip the < character from
> your form values using a special db with convertchars to convert it to
> nothing. This effectively prevents people from creating HTML tags.
>
> If you need to allow them to create HTML tags, then you will have to do more
> work:
>
> Create a db that lists any tags you will not allow, and look for each of those
> tags in every form field (not just the user-editable fields as you might
> think), then post an error message saying something like The
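
The two methods in the quoted message above, sketched in Python rather than WebDNA as an added example that is not part of the original post. The tag list, field names, error wording and sample submission are all constructed for illustration.

```python
import re

# Constructed stand-in for the "db that lists any tags you will not allow".
DISALLOWED_TAGS = {"script", "object", "embed", "applet", "iframe"}

# Captures the name of an opening or closing tag: "<b", "</SCRIPT", "< img".
TAG_NAME = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)")


def strip_lt(form):
    """Method 1: delete every '<' from every field so no tag can be formed."""
    return {name: value.replace("<", "") for name, value in form.items()}


def find_disallowed(form, denylist=DISALLOWED_TAGS):
    """Method 2: list (field, tag) for each denylisted tag found in any field.

    Every field is scanned, hidden ones included, and tag names are
    compared case-insensitively.
    """
    hits = []
    for name, value in form.items():
        for match in TAG_NAME.finditer(value):
            tag = match.group(1).lower()
            if tag in denylist and (name, tag) not in hits:
                hits.append((name, tag))
    return hits


def validate(form, allow_html=False):
    """Return (accepted_form_or_None, errors) for one submission."""
    if not allow_html:
        return strip_lt(form), []
    # Error wording is hypothetical; the original message's text is cut off.
    errors = [f"field '{field}': tag '{tag}' rejected"
              for field, tag in find_disallowed(form)]
    return (None if errors else dict(form)), errors


# Constructed sample: a visible comment field and a tampered hidden field.
SAMPLE_FORM = {
    "comment": "I <b>love</b> this store",
    "sku": "1234<SCRIPT></SCRIPT>",
}

if __name__ == "__main__":
    print(validate(SAMPLE_FORM))
    print(validate(SAMPLE_FORM, allow_html=True))
```

A tag list only rejects the tags it names, so values that pass this check still need `<`, `>`, `&` and quote characters encoded when they are written back into a page.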