Reply to Re: 'include' question

Your name:

Reply:


Posted by Ric on 12/16/06 21:03

OmegaJunior schrieb:
> On Sat, 16 Dec 2006 16:38:28 +0100, Colin McKinnon
> <colin.thisisnotmysurname@ntlworld.deletemeunlessURaBot.com> wrote:
>
>> Marnok.com wrote:
>>
>>> Hi
>>>
>>> I am trying to include a file from another site in my page. The other
>>> page
>>> is messing up the rest of my page - it seems to have an extra
>>> </table>, or
>>> else the </body></html> on the foreign site is confusing my page layout.
>>>
>>> I wondered if there was a "safe" way to include a foreign page so
>>> that it
>>> sits within the boundaries I lay out and is treated only as a
>>> self-contained entity?
>>
>> No.
>>
>> Don't use 'include' or 'require', and expect your site to be XSS
>> vulnerable
>> as a result.
>>
>> Parse it as XML and don't show it if its badly formed.
>>
>> C.
>
> How about an iFrame?

an iframe cannot include pages from other domains and if someone is
talking about xss it is clear that this is about including pages from
other domains
>
> --Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация