  1. #1
    SitePoint Addict
    Join Date
    Oct 2002
    Posts
    229

    Creating a CMS - is it secure to allow users to add JS to header

    Hi,

    I am creating a CMS and have a field for header code so that users can add Script to it.

    Are there any security implications with this that I am not aware of?

    JavaScript being client side - shouldn't cause the backend of the website / Database any problems.

    Thoughts and comments welcome

    thanks

    K
    Eternity

  2. #2
    Programming Team
    Mittineague
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,044

    user javascript

    So what you're saying is you're not concerned with your user's security? You wouldn't mind if they all got redirected to another site? And don't be so sure about javascript being only client-side, remember that it has some restrictions regarding where it is, code that calls more "dangerous" functions must be in the same "sandbox".
    Websites invite enough trouble by allowing users to upload HTML (and even BBcode), because script-kiddies find ways to evade inadequate input filters.
    Allowing users to input javascript would be like you going on vacation leaving the doors open and putting a "gone fishing" sign out front.

  3. #3
    I meant that to happen
    Raffles
    Join Date
    Sep 2005
    Location
    Tanzania
    Posts
    4,662
    Filtering out inappropriate javascript would be a nightmare - a near-impossible one I would think.
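
An alternative to filtering free-form script, as an added example that is not part of the thread: the header field accepts only script URLs, each checked against an allow-list, and the CMS serves the page with a Content-Security-Policy that does not permit inline script. `ALLOWED_SCRIPT_HOSTS`, `buildHeader` and the host names are assumptions made for illustration.

```javascript
// Added example. ALLOWED_SCRIPT_HOSTS, buildHeader and all host names are
// hypothetical; the sample entries at the bottom are constructed.
const ALLOWED_SCRIPT_HOSTS = new Set(["cdn.example.com", "analytics.example.net"]);

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
          .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// entries: one string per line of the CMS "header scripts" field.
// Only https URLs on an allow-listed host, default port, no credentials, are kept.
function buildHeader(entries) {
  const accepted = [];
  const rejected = [];
  for (const raw of entries) {
    let url;
    try {
      url = new URL(String(raw).trim());
    } catch {
      rejected.push(raw); // not a URL at all, e.g. pasted markup
      continue;
    }
    const ok = url.protocol === "https:" && url.port === "" &&
               url.username === "" && url.password === "" &&
               ALLOWED_SCRIPT_HOSTS.has(url.hostname);
    if (ok) accepted.push(url); else rejected.push(raw);
  }
  const origins = [...new Set(accepted.map((u) => u.origin))];
  return {
    // Tags are generated by the CMS; the user never supplies markup.
    html: accepted.map((u) => `<script src="${escapeAttr(u.href)}"></script>`).join("\n"),
    // No 'unsafe-inline': inline script that reaches the page some other way is not run.
    csp: `script-src ${["'self'", ...origins].join(" ")}; object-src 'none'; base-uri 'none'`,
    rejected,
  };
}

// Constructed sample input.
const SAMPLE_ENTRIES = [
  "https://cdn.example.com/widgets/slider.js",
  "https://analytics.example.net/t.js?id=1&v=2",
  "<script>var x = 1;</script>",                 // markup, not a URL
  "http://cdn.example.com/a.js",                 // not https
  "https://cdn.example.com.other.example/a.js",  // look-alike host
  "javascript:void(0)",                          // wrong scheme
];
const result = buildHeader(SAMPLE_ENTRIES);
console.log(result.html + "\n" + result.csp + "\nrejected: " + result.rejected.length);
```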

