07-04-2010, 02:37 AM
I have a built in mail form on my website, which people can send messages to each other. However the name and subject is prone to HTML inject attacks.
How can I sanitize the HTML so this can't happen?
07-04-2010, 04:45 PM
Not much you can do to the HTML. Your form processor is the weak link. You will need knowledge of how server-side languages work to do this.
Hang on, I just understood you.
Most server-side languages allow you to change HTML into their respective entities so it doesn't work. The PHP version is htmlspecialchars().
07-04-2010, 08:34 PM
Alright I will post this in PHP. Thanks