
    Shortest possible site hack

    (I still think that the question below would be interesting to know. BUT, I found a solution to my problem --- 3 hours after working with the problem and 2 minutes after writing this post.

    Basically, with TinyMCE on the page, it was doing the htmlentities for me, even in an input field that wasn't TinyMCE --- so I can just print out my results without doing any extra security.)

    Hello!

    I'm in the process of tightening up my website and am stuck on one detail. I've been using htmlentities to ensure that no malicious scripts are printed to my browser. Unfortunately, it's going a little bit batty on a page where I use TinyMCE. Without going into all of the details, I just need to find a way to make a text input secure, one that unfortunately will allow users "<" and ">".

    My method of approaching this particular issue is to not allow quotes to be entered (otherwise, if the user wishes to update a field, using value ="stuff with quotes" wreaks havoc) and to make the field as short as possible.

    So, regardless of whether the above makes total sense to you, my question is "What is the shortest script possible that could cause a hack in my system?"

    Thanks!

    -Eric
    Last edited by kreut; Jul 11, 2011 at 15:04. Reason: Found solution!!!!
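
One way to handle the text field described in the post above, as an added example that is not part of the original post: encode the stored value once on the server at output time, so `<`, `>` and quotes can all be accepted without breaking `value="..."`. The helper names `h`, `render_text_input` and `displayed_value`, the field name `title` and the sample strings are constructed for illustration.

```php
<?php
// Added example; the helper names and sample values are constructed for illustration.

/** Encode a string for HTML element text or a quoted attribute value. */
function h(string $value): string
{
    // ENT_QUOTES encodes both " and ' so the value cannot end the attribute;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render a text input; the value attribute is always quoted and encoded. */
function render_text_input(string $name, string $value, int $maxLength = 255): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s" maxlength="%d">',
        h($name),
        h($value),
        $maxLength
    );
}

/** Decode the rendered value attribute back to text, as a browser would show it. */
function displayed_value(string $html): string
{
    if (!preg_match('/ value="([^"]*)"/', $html, $m)) {
        throw new RuntimeException('value attribute not found');
    }
    return htmlspecialchars_decode($m[1], ENT_QUOTES);
}

// Constructed inputs a user might legitimately want to save in the field.
$samples = [
    'plain text',
    'if a < b and b > c',
    'She said "hi" and it\'s fine',
    'R&D <draft> "v2"',
];

foreach ($samples as $raw) {
    $html = render_text_input('title', $raw);
    // The markup stays well-formed and the user sees exactly what was stored.
    $status = displayed_value($html) === $raw ? 'ok' : 'MISMATCH';
    echo $status, "\t", $html, PHP_EOL;
}
```

Because the encoding happens at output, the stored value stays raw and is encoded exactly once, which avoids double-encoded text when the form is redisplayed for editing.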

