Posted by kenoli on 02/27/07 17:17
I am "strip-slashing" and "trimming" all of my form input data and
wondering what I need to do to deal with intentional or unintentional
tag input (like < or > or actual html tags). Also any other related
vulnerabilities of which I am unaware.

This also brings up another issue related to textareas that will be
displayed on a page by php code. Is there a feasible way to let
knowledgeable people insert html formatting in those textareas so
their text will be formatted as they want it when displayed without
creating vulnerabilities? How do I deal with the eventuality of their
including syntax errors?

I presume there are ways of making it easy for users to format input
text like this, perhaps some classes created for this purpose or some
embedded editors. I think I have seen some javascript approaches to
this. Anyone know about this?

I'm interested in any suggestions people have around these issues.
I've got my script working quite well and am ready to include some
enhancements that will avoid vulnerability around form input and make
the process more user friendly.

Thanks in advance,
--Kenoli