Posted by Colin McKinnon on 12/16/06 15:38
Marnok.com wrote:
> Hi
>
> I am trying to include a file from another site in my page. The other page
> is messing up the rest of my page - it seems to have an extra </table>, or
> else the </body></html> on the foreign site is confusing my page layout.
>
> I wondered if there was a "safe" way to include a foreign page so that it
> sits within the boundaries I lay out and is treated only as a
> self-contained entity?
No.
Don't use 'include' or 'require', and expect your site to be XSS vulnerable
as a result.
Parse it as XML and don't show it if its badly formed.
C.
Navigation:
[Reply to this message]
|