Re: Malicious TAGS — HTML — IT news, forums, messages

You are here: Re: Malicious TAGS « HTML « IT news, forums, messages

Posted by David Dorward on 11/15/51 11:28

adyda wrote:
> Now, I'm developing a procedure to do this, but I need to know which tags
> I need to remove from incoming data to be sure that no malicious code can
> be uploaded into my website

You would be better off working from the other direction. Decide what tags
(and what attributes on those tags) that you want to *allow* and drop
everything else. Aside from anything else, its proof against any future
extensions (official or (more likely) otherwise) to HTML that may be
introduced.

--
David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is

Navigation:

Next in forum: Re: eng/rus in pages
Prev in forum: Re: HTML in emails
Thread view: Re: Malicious TAGS

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация