form Security protection

Hi,

I am using CK editor to get input for comments feild from users for a comments page.... how could i protect from cross site scripting attacks and other javascript attacks? ... is there any code for serverside (standard one) or should i take care of it...

Also if i escape html tags and escape tags and leave only those that are permted... how could i stop something like this<a onmouseover="some script"... kinda inline submissions?

:thumbsup:thanks in advance

anyone??? :confused:

Hi,

I am using CK editor to get input for comments feild from users for a comments page.... how could i protect from cross site scripting attacks and other javascript attacks? ... is there any code for serverside (standard one) or should i take care of it...

Also if i escape html tags and escape tags and leave only those that are permted... how could i stop something like this<a onmouseover="some script"... kinda inline submissions?

:thumbsup:thanks in advance

I suggest you read up on sessions to control form permissions.
This will require more than a simple page code, you will need a database log alowing each session from there you can code each page with security code.
session_start();
ob_start();
if($_SESSION[userdetails] {"describe your session"} and so on...

http://us3.php.net/manual/en/book.session.php

i am already doing that... my worry is what if a logged in user posts JS using this hack? I can block him and have that option but the damage would have been done already before i could take action.