View Full Version : security risks allowing link setting by users

09-26-2012, 12:26 AM
I am setting up a semi-public input environment - easiest to think in terms of a forum - and wonder about the security risks allowing users to add href links.

I see this forum allows that.
I figure even if BBCode is the interface the posting is still a live URL.

XSS - js injection (I'm trying to sound intelligent here :rolleyes:)

Perhaps totally a non-issue?
I will be interested to have you thoughts

09-26-2012, 09:20 PM
There are no security risks to your site if you strip out any non-http(s) strings from the href attributes. The only security risks might be the link targets themselves (i. e. malicious websites) but this has nothing to do with the security of your site.

09-26-2012, 10:20 PM
I am currently searching regex url validation.

Coding Start
09-27-2012, 06:04 AM
For your site, I think you should install the security application for networking so that you can optimize the security system. Usually, this applications integrated with your system if you want to install it.