Thread: Shortest possible site hack
Jul 11, 2011, 13:41 #1
(I still think that the question below would be interesting to know. BUT, I found a solution to my problem --- 3 hours after working with the problem and 2 minutes after writing this post.
Basically, with TinyMCE on the page, it was doing the htmlentities for me, even in an input field that wasn't TinyMCE --- so I can just print out my results without doing any extra security.)
I'm in the process of tightening up my website and am stuck on one detail. I've been using htmlentities to ensure that no malicious scripts are printed to my browser. Unfortunately, it's going a little bit batty on a page where I use TinyMCE. Without going into all of the details, I just need to find a way to make a text input secure, one that unfortunately will allow users "<" and ">".
My method of approaching this particular issue is to not allow quotes to be entered (otherwise, if the user wishes to update a field, using value="stuff with quotes" wreaks havoc) and to make the field as short as possible.
So, regardless of whether the above makes total sense to you, my question is "What is the shortest script possible that could cause a hack in my system?"
Last edited by kreut; Jul 11, 2011 at 14:04. Reason: Found solution!!!!
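The `value="..."` case from the post, as an added example that is not part of the original post: encoding on the server at output time for the attribute context lets the field accept `<`, `>` and both kinds of quotes without breaking the markup, independent of anything a browser-side editor does. The helper names `attr`, `render_input` and `accept_input`, the field name and the sample string are hypothetical, and the length check assumes the mbstring extension.

```php
<?php
// Added example: hypothetical helper names, constructed sample input.

/** Encode a value for use inside a quoted HTML attribute. */
function attr(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the text input with the stored value echoed back for editing. */
function render_input(string $name, string $stored, int $maxLength = 100): string
{
    return sprintf(
        '<input type="text" name="%s" maxlength="%d" value="%s">',
        attr($name),
        $maxLength,
        attr($stored)
    );
}

/** Server-side acceptance check; maxlength in the markup is only a hint. */
function accept_input(string $raw, int $maxLength = 100): ?string
{
    // Assumes the mbstring extension is loaded.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null; // reject malformed byte sequences
    }
    if (mb_strlen($raw, 'UTF-8') > $maxLength) {
        return null; // enforce the length limit on the server
    }
    return $raw; // stored unmodified; encoding happens at output
}

// Constructed sample containing every character the post worries about.
$submitted = 'if a < b then "swap" > \'done\' & exit';

$stored = accept_input($submitted);
if ($stored !== null) {
    // Quotes and angle brackets arrive in the page as entities, so the
    // attribute stays intact and the browser shows the original text.
    echo render_input('note', $stored), "\n";
}
```

The stored value stays raw and is encoded each time it is written into HTML, so the same data can later be encoded differently for another output context.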