|
|
Posted by Jasper Bryant-Greene on 06/19/87 11:21
Lauri Harpf wrote:
> Now, if I make a point of not "chmod 755"ing the .html files in
> question, the server should be safe from someone feeding a html file
> with an embedded PHP script, right? Is there something else I should
> be looking out for - or is there an even better way of handling the
> transferring of the HTML code from the application to the user?
Well, unless you have set your server up to execute PHP or CGI scripts
in .html files, which is a very bad idea, the only thing you need to
worry about is client-side scripting. You could just filter out all
<script></script> tags if client-side scripting isn't important for your
application...
Jasper
Navigation:
[Reply to this message]
|