    #1
    adarshakb (Regular Coder)
    Join Date: Jun 2009
    Location: Silicon valley of india
    Posts: 247
    Thanks: 11
    Thanked 1 Time in 1 Post

    Form security protection

    Hi,

    I am using CK editor to get input for a comments field from users for a comments page.... How could I protect from cross-site scripting attacks and other JavaScript attacks? ... Is there any standard server-side code for this, or should I take care of it...

    Also, if I escape HTML tags and leave only those that are permitted... how could I stop something like this: <a onmouseover="some script"... kind of inline submissions?

    thanks in advance
    Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.

    Albert Einstein
    -----------------------------------------------------
    My Blog songs

    #2
    adarshakb (Regular Coder)
    Join Date: Jun 2009
    Location: Silicon valley of india
    Posts: 247
    Thanks: 11
    Thanked 1 Time in 1 Post
    anyone???

    #3
    Regular Coder
    Join Date: Nov 2010
    Location: Oregon
    Posts: 243
    Thanks: 23
    Thanked 10 Times in 10 Posts
    Quote Originally Posted by adarshakb:
    Hi,

    I am using CK editor to get input for a comments field from users for a comments page.... How could I protect from cross-site scripting attacks and other JavaScript attacks? ... Is there any standard server-side code for this, or should I take care of it...

    Also, if I escape HTML tags and leave only those that are permitted... how could I stop something like this: <a onmouseover="some script"... kind of inline submissions?

    thanks in advance
    I suggest you read up on sessions to control form permissions.
    This will require more than a simple page code; you will need a database log allowing each session, and from there you can code each page with security code.
    <?php
    session_start();
    ob_start();
    if (isset($_SESSION['userdetails'])) {
        // describe your session
    } // and so on...

    http://us3.php.net/manual/en/book.session.php
    Last edited by DataTalk; 12-24-2010 at 07:38 PM.

    #4
    adarshakb (Regular Coder)
    Join Date: Jun 2009
    Location: Silicon valley of india
    Posts: 247
    Thanks: 11
    Thanked 1 Time in 1 Post
    I am already doing that... my worry is: what if a logged-in user posts JS using this hack? I can block him and have that option, but the damage would have been done already before I could take action.
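The allowlist approach asked about in #1 and #4 (keeping only permitted tags while still dropping inline handlers such as onmouseover and javascript: links), as an added Python example that is not code from this thread; the tag/attribute allowlist, the scheme list and the helper names are my own choices, not anything from CKEditor:

```python
from html import escape
from html.parser import HTMLParser

# Allowlist: tag -> attributes that may survive. Everything else is dropped,
# so on* handlers and unknown attributes never reach the output.
ALLOWED = {"p": set(), "b": set(), "i": set(), "strong": set(), "em": set(),
           "br": set(), "ul": set(), "ol": set(), "li": set(), "a": {"href"}}
VOID = {"br"}                                   # tags that take no closing tag
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")  # blocks javascript:, data:

class CommentSanitizer(HTMLParser):
    """Rebuilds the comment from scratch, keeping only allowlisted tags/attrs."""
    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities in attrs are decoded before checks
        self.out = []
        self.skip_depth = 0  # >0 while inside <script>/<style>: drop their text too

    def handle_starttag(self, tag, attrs):     # parser lower-cases tag and attr names
        if tag in ("script", "style"):
            self.skip_depth += 1
            return
        if tag not in ALLOWED or self.skip_depth:
            return  # unknown tag: drop the tag itself, its text content still flows through
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue  # e.g. onmouseover="..." on <a> is discarded here
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                continue  # href must be an absolute http(s)/mailto URL
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED and tag not in VOID and not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def sanitize_comment(raw_html: str) -> str:
    """Server-side filter to run on the submitted comment before storing/rendering."""
    p = CommentSanitizer()
    p.feed(raw_html)
    p.close()
    return "".join(p.out)

if __name__ == "__main__":
    # Constructed sample of the inline-handler case raised in the thread
    print(sanitize_comment('<a href="http://example.com" onmouseover="alert(1)">hi</a>'))
```

Run this on the server, not in the editor's JavaScript, since a logged-in user can bypass anything done client-side; unbalanced input tags are passed through as-is, so pair it with a balancing step or a maintained sanitizer library in production.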
