form Security protection



adarshakb
12-23-2010, 07:17 PM
Hi,

I am using CK editor to get input for comments field from users for a comments page.... how could I protect from cross site scripting attacks and other javascript attacks? ... is there any code for serverside (standard one) or should I take care of it...

Also if I escape html tags and escape tags and leave only those that are permitted... how could I stop something like this <a onmouseover="some script"... kinda inline submissions?

:thumbsup: thanks in advance

adarshakb
12-24-2010, 05:55 PM
anyone??? :confused:

DataTalk
12-24-2010, 07:33 PM
I suggest you read up on sessions to control form permissions.
This will require more than a simple page code, you will need a database log allowing each session, from there you can code each page with security code.
session_start();   // resume or create the visitor's session
ob_start();        // buffer output so headers can still be sent later
if (!empty($_SESSION['userdetails'])) { /* describe your session */ } // and so on...

http://us3.php.net/manual/en/book.session.php

adarshakb
12-28-2010, 06:08 AM
I am already doing that... my worry is what if a logged in user posts JS using this hack? I can block him and have that option but the damage would have been done already before I could take action.
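
Added example, not part of the original thread and not any poster's code: a server-side allowlist filter for the editor's HTML, which is what stops the `<a onmouseover="some script"` case raised in the question, because every attribute not explicitly permitted is removed before the comment is stored. The function names and the contents of the tag list are assumptions chosen for illustration.

```php
<?php
// Added example (hypothetical names): allowlist sanitizer for editor-submitted comment HTML.
const ALLOWED_TAGS = [   // tag => attributes permitted on that tag
    'p' => [], 'br' => [], 'b' => [], 'i' => [], 'em' => [], 'strong' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'blockquote' => [], 'a' => ['href'],
];

function clean_node(DOMNode $node): void
{
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child->nodeType === XML_TEXT_NODE) { continue; } // text is escaped by saveHTML()
        if (!($child instanceof DOMElement) || in_array($child->nodeName, ['script', 'style'], true)) {
            $node->removeChild($child);     // comments, CDATA, script and style go entirely
            continue;
        }
        if (!array_key_exists($child->nodeName, ALLOWED_TAGS)) {   // keep text, drop markup
            $node->replaceChild($node->ownerDocument->createTextNode($child->textContent), $child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            if (!in_array($attr->nodeName, ALLOWED_TAGS[$child->nodeName], true)) {
                $child->removeAttributeNode($attr);   // removes onmouseover, style, ...
            }
        }
        // Only absolute http(s) and mailto links survive; any other scheme is dropped.
        if ($child->hasAttribute('href')
            && !preg_match('#^(https?://|mailto:)#i', trim($child->getAttribute('href')))) {
            $child->removeAttribute('href');
        }
        clean_node($child);
    }
}

function sanitize_comment_html(string $html): string
{
    libxml_use_internal_errors(true);       // user markup is often malformed
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html);   // PI makes libxml read UTF-8
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    clean_node($body);
    $out = '';
    foreach ($body->childNodes as $child) { $out .= $doc->saveHTML($child); }
    return $out;
}

// Constructed sample input, using the attribute from the question.
echo sanitize_comment_html('<p>Hi <a href="https://example.com/" onmouseover="some script">link</a></p>'), "\n";
```

Run the filter on the server when the comment is submitted, since anything enforced only in the browser editor can be bypassed by posting directly. A maintained library such as HTML Purifier applies the same allowlist approach with broader coverage.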
