Re: Preventing code execution

This WebDNA talk-list message is from 2003.


It keeps the original formatting.
>At 8:09 AM +1300 3/7/03, Alain Russell wrote:
>>Well then ..
>
>No... I think he wants to include html code that will get displayed
>but not executed. In other words he wants the browser to display
>
>not interpret it.
>
>So for the webdna stuff, he has to wrap it in [raw] context.

This is incorrect!

It is impossible for the webdna software to execute webdna code that's stored in a db field *unless* you wrap the appropriate db field tag in an [interpret] context.

The use of a [raw] context is not necessary at all in this situation, regardless of what three other people have claimed in their responses. All three of them are dead wrong.

If your webdna installation is interpreting webdna code that has been retrieved from a db field that is NOT inside an interpret context, your security is seriously compromised -- and more importantly, the software has major problems that need immediate attention of SMSI.

But it seems that your only issue is whether or not HTML code is displayed, right? If this is correct, just wrap the db field tag in a convertchars context. The standardconversions.db that functions as the default db for the convertchars context will take care of this problem for you automatically.

Sincerely,
Kenneth Grome

---------------------------------------------------
WebDNA Professional Training and Development Center
Cebu City, Philippines
+63 (32) 255-6921
Wholesale WebDNA programming for only $20 per hour!
---------------------------------------------------

Associated Messages, from the most recent to the oldest:

    
  1. Re: Preventing code execution (Larry Goodhew 2003)
  2. Re: Preventing code execution (Donovan 2003)
  3. Re: Preventing code execution (John Hill 2003)
  4. Re: Preventing code execution (Gary Krockover 2003)
  5. Re: Preventing code execution (Donovan 2003)
  6. Re: Preventing code execution (Rob 2003)
  7. Re: Preventing code execution (Donovan home EHG 2003)
  8. Re: Preventing code execution (Rob 2003)
  9. Re: Preventing code execution (Joe D'Andrea 2003)
  10. Re: Preventing code execution (Kenneth Grome 2003)
  11. Re: Preventing code execution (Gary Krockover 2003)
  12. Re: Preventing code execution (Rob 2003)
  13. Re: Preventing code execution (Kenneth Grome 2003)
  14. Re: Preventing code execution (Rob 2003)
  15. Re: Preventing code execution (Stuart Tremain 2003)
  16. Re: Preventing code execution (Joe D'Andrea 2003)
  17. Re: Preventing code execution (John Hill 2003)
  18. Re: Preventing code execution (Alain Russell 2003)
  19. Re: Preventing code execution (Jay Van Vark 2003)
  20. Re: Preventing code execution (Craig Forest 2003)
  21. Re: Preventing code execution (Jay Van Vark 2003)
  22. Preventing code execution (Craig Forest 2003)
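
The distinction drawn in Kenneth Grome's message above, shown as an added example that is not part of the original post and is not WebDNA code: a simplified Python model of a bracket-tag template engine. The render function, the tag grammar and the sample record are assumptions made for illustration; only the context names [interpret], [convertchars] and [math] are borrowed from WebDNA.

```python
import html
import re

# Constructed sample record: a db field holding user-supplied text.
RECORD = {"comment": "<b>hi</b> [math]1+1[/math]"}

# One pattern for the whole template: a paired context, or a bare [field] tag.
TAG = re.compile(r"\[(interpret|convertchars|math)\](.*?)\[/\1\]|\[(\w+)\]", re.S)


def render(template, record):
    """Render a template in a single pass (hypothetical model engine).

    re.sub never rescans the text a callback returns, so a field value
    inserted here is plain output and is not parsed for tags.
    """
    def expand(match):
        context, body, field = match.groups()
        if field is not None:
            # Field tag: insert the stored value as inert text.
            return record.get(field, match.group(0))
        if context == "math":
            # Stand-in for executable template code: add two integers.
            left, right = render(body, record).split("+")
            return str(int(left) + int(right))
        inner = render(body, record)
        if context == "interpret":
            # Second pass: only here is stored text parsed as template code.
            return render(inner, record)
        # convertchars: encode HTML so the browser displays it as text.
        return html.escape(inner)

    return TAG.sub(expand, template)


def demo():
    """Return the same field rendered bare, interpreted and converted."""
    return {
        "bare": render("[comment]", RECORD),
        "interpret": render("[interpret][comment][/interpret]", RECORD),
        "convertchars": render("[convertchars][comment][/convertchars]", RECORD),
    }


if __name__ == "__main__":
    for name, output in demo().items():
        print(f"{name:13} {output}")
```

In this model the bare field leaves the stored [math] tag unevaluated but still sends raw HTML to the browser, which is why the message recommends convertchars for display and treats interpret as the only path to execution.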
