09-25-2012, 11:26 PM | #1
arfa
security risks allowing link setting by users

I am setting up a semi-public input environment - easiest to think in terms of a forum - and wonder about the security risks of allowing users to add href links.

I see this forum allows that.
I figure even if BBCode is the interface the posting is still a live URL.

XSS - js injection (I'm trying to sound intelligent here)

Perhaps totally a non-issue?
I will be interested to have your thoughts.
09-26-2012, 08:20 PM | #2
VIPStephan
There are no security risks to your site if you strip out any non-http(s) strings from the href attributes. The only security risks might be the link targets themselves (i.e. malicious websites), but this has nothing to do with the security of your site.
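One way to apply the http(s)-only rule from the reply above, shown as an added example that is not part of the original thread. It parses the submitted value with the standard `URL` class (Node.js or a browser) rather than pattern-matching it, so mixed-case schemes and embedded whitespace are normalized before the check; `safeHref`, `renderLink` and `escapeHtml` are hypothetical names, and the sample inputs are constructed.

```javascript
// Added example: allowlist http(s) for user-submitted link targets.
// safeHref, renderLink and escapeHtml are hypothetical names for illustration.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Returns the parser-normalized absolute URL, or null if it must be dropped.
function safeHref(raw) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // The WHATWG parser lowercases the scheme and strips leading whitespace
    // and embedded tabs/newlines, the same way a browser reads an href.
    url = new URL(raw);
  } catch {
    return null; // relative, scheme-less or malformed input
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Escapes text for use in HTML content or a double-quoted attribute.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Emits an anchor for an allowed URL, otherwise only the escaped link text.
function renderLink(rawHref, text) {
  const href = safeHref(rawHref);
  const label = escapeHtml(text);
  if (href === null) return label;
  return `<a href="${escapeHtml(href)}" rel="nofollow noopener noreferrer">${label}</a>`;
}

// Constructed sample submissions, as a BBCode [url] handler might receive them.
const samples = [
  "https://example.com/a?b=1&c=2",
  "HTTP://Example.COM",
  " JaVaScRiPt:alert(1)",
  "java\tscript:alert(1)",
  "data:text/html,hi",
  "/relative/path",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", renderLink(s, "link"));
}
```

The value written into the page is the parser's normalized `href`, not the raw submission, and it is still HTML-escaped because a valid URL can contain `&`.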
09-26-2012, 09:20 PM | #3
arfa
Thanks.
I am currently searching for regex URL validation.
09-27-2012, 05:04 AM | #4
Coding Start
For your site, I think you should install the security application for networking so that you can optimize the security system. Usually, this application is integrated with your system if you want to install it.