...

View Full Version : security risks allowing link setting by users



arfa
09-25-2012, 11:26 PM
I am setting up a semi-public input environment - easiest to think in terms of a forum - and wonder about the security risks allowing users to add href links.

I see this forum allows that.
I figure even if BBCode is the interface the posting is still a live URL.

XSS - js injection (I'm trying to sound intelligent here :rolleyes:)

Perhaps totally a non-issue?
I will be interested to have you thoughts

VIPStephan
09-26-2012, 08:20 PM
There are no security risks to your site if you strip out any non-http(s) strings from the href attributes. The only security risks might be the link targets themselves (i. e. malicious websites) but this has nothing to do with the security of your site.

arfa
09-26-2012, 09:20 PM
Thanks.
I am currently searching regex url validation.

Coding Start
09-27-2012, 05:04 AM
For your site, I think you should install the security application for networking so that you can optimize the security system. Usually, this applications integrated with your system if you want to install it.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum