Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Sep 2006
    Posts
    72
    Thanks
    3
    Thanked 0 Times in 0 Posts

    security risks allowing link setting by users

    I am setting up a semi-public input environment - easiest to think in terms of a forum - and wonder about the security risks allowing users to add href links.

    I see this forum allows that.
    I figure even if BBCode is the interface the posting is still a live URL.

    XSS - js injection (I'm trying to sound intelligent here )

    Perhaps totally a non-issue?
    I will be interested to have you thoughts

  • #2
    The fat guy next door VIPStephan's Avatar
    Join Date
    Jan 2006
    Location
    Halle (Saale), Germany
    Posts
    8,789
    Thanks
    6
    Thanked 1,022 Times in 995 Posts
    There are no security risks to your site if you strip out any non-http(s) strings from the href attributes. The only security risks might be the link targets themselves (i. e. malicious websites) but this has nothing to do with the security of your site.

  • #3
    New Coder
    Join Date
    Sep 2006
    Posts
    72
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Thanks.
    I am currently searching regex url validation.

  • #4
    New Coder
    Join Date
    Jul 2012
    Posts
    66
    Thanks
    0
    Thanked 0 Times in 0 Posts
    For your site, I think you should install the security application for networking so that you can optimize the security system. Usually, this applications integrated with your system if you want to install it.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •