Menu
Menu
DaniWeb
Log In
Sign Up
Read
Contribute
Meet
Search
Search
About 266 results for
cross-site-scripting
- Page 1
Cross site scripting issue
Programming
Web Development
13 Years Ago
by erioch
… some diagnostic tests and found that it is valnurable for
Cross
site
scripting
, any help??? or sugestion??? I have attached a copy of…("count_captcha")+1 end if set body=CreateObject("
Scripting
.Dictionary") str="<script language = JavaScript>"…
WYSIWIG Textbox editors and Cross Site scripting attacks
Programming
Web Development
14 Years Ago
by riddleyw
… this necessarily open my users up to
cross
site
scripting
? I know just enough about
cross
site
scripting
to know that you're supposed to filter…
Is this a good topic for my thesis, cross site scripting and sql injections
Programming
Web Development
10 Years Ago
by Jenny12345
I am doing an investigation in to
cross
site
scripting
and sql injection and maybe other attacks for my thesis … about setting up a fictional website that is vulnerable to
cross
site
scripting
and sql injections etc, and then comparing various methods to…
How can i be safe from things like SQL injection and cross-site scripting?
Programming
Web Development
7 Months Ago
by jayashree10
Security matters. How can I guard against things like SQL injection or
cross
-
site
scripting
? It will be really helpful if somebody could help.
Re: How can i be safe from things like SQL injection and cross-site scripting?
Programming
Web Development
7 Months Ago
by Dani
… `mysqli::real_escape_string()` function. Other databases have equivalent functions. To prevent
cross
-
site
scripting
attacks, you similarly want to make sure that *all* text…
Re: Cross site scripting issue
Programming
Web Development
13 Years Ago
by erioch
… = "ACCESS" Set tables_data = CreateObject("
Scripting
.Dictionary") Set field_labels = CreateObject("
Scripting
.Dictionary") %> <!--#include file="…
Re: Cross site scripting issue
Programming
Web Development
13 Years Ago
by ArtistScope
… for a SQL Attack which can either crash your database/
site
or be used to throw up information that can further…
Re: Cross site scripting issue
Programming
Web Development
13 Years Ago
by erioch
Hi, It seems to be working well now... It is replacing the unwanted characters well... I have liked the
site
and very soon, maybe next month, am considering contributing to the work... Regards, Erick
Re: Cross site scripting issue
Programming
Web Development
13 Years Ago
by ArtistScope
Add a new include file for your new functions (at the top of the page), keeping it separate from commonfunctions.asp which may be overwritten if you are using an ASP generator application? Passing a username field should not be a risk if it's filtered.
Re: Cross site scripting issue
Programming
Web Development
13 Years Ago
by reygcalantaol
You may also use parameterize query to prevent SQL injection.
Re: WYSIWIG Textbox editors and Cross Site scripting attacks
Programming
Web Development
14 Years Ago
by samarudge
If you look up strip_tags on the PHP website you can define a list of the allowable tags. For example the quick reply editor on Daniweb has bold (<b>, <strong>) italic (<i>) underline (<u>) paragraphs (<p>) spans (<span) and links (<a>) so you would set a function like [CODE] $Input = strip_tags($_POST['…
Re: WYSIWIG Textbox editors and Cross Site scripting attacks
Programming
Web Development
14 Years Ago
by riddleyw
Thanks! How do they handle code snippets, then? How are they kept in the message but kept from becoming live and danggerous
Re: WYSIWIG Textbox editors and Cross Site scripting attacks
Programming
Web Development
14 Years Ago
by liamfriel
strip_tags removes php tags also: for javascript etc i use this function: [CODE] #this will strip javascript/html then prepare the script for inserting into database function make_safe($string) { $string = preg_replace('#<!\[CDATA\[.*?\]\]>#s', '', $string); $string = strip_tags($string); $string = htmlentities($string, …
Re: WYSIWIG Textbox editors and Cross Site scripting attacks
Programming
Web Development
14 Years Ago
by diafol
Just one point - if tags aren't closed properly by the WW editor - there goes the rest of your page! Ensure that your editor / own code checks for closed tags and quotes.
Re: Is this a good topic for my thesis, cross site scripting and sql injections
Programming
Web Development
10 Years Ago
by pritaeas
Try multiple websites built with different technologies. Then you can compare how they differ in preventing such attacks.
Re: Is this a good topic for my thesis, cross site scripting and sql injections
Programming
Web Development
10 Years Ago
by Jenny12345
Hi thanks for your reply, when you say different websites with different technologies do you mean websites built with ASP.NET, PHP etc can you please elebortate on that
Re: Is this a good topic for my thesis, cross site scripting and sql injections
Programming
Web Development
10 Years Ago
by pritaeas
> do you mean websites built with ASP.NET, PHP Yes, there are more like perl and Ruby for example. You can also think of differences in settings between IIS, Apache and TomCat. Then there's a difference in databases like MySQL, SQL Server, Postgres, SQLite etc.
Re: Is this a good topic for my thesis, cross site scripting and sql injections
Programming
Web Development
10 Years Ago
by Jenny12345
What do you reckon would be the best way that I should demonstrate this? How can I find out which website use which technology? Since setting up different website built with diffrent technologies would be quite time consuming. sorry for all these questions :)
Re: Is this a good topic for my thesis, cross site scripting and sql injections
Programming
Web Development
10 Years Ago
by pritaeas
If you want to add complexity to your thesis it will always be more time consuming. I don't think there are any shortcuts if you want to demonstrate flaws in some technological solution.
php site was hacked
Programming
Web Development
14 Years Ago
by jobojo
… have been reading up on SQL injection attacks and
cross
-
site
scripting
attacks as I am assuming at least one of … above. This error is only present when accessing the
site
from Firefox (i have the latest version installed), but…and it has found 56 possibly high level vulnerabilities to
Cross
Site
Scripting
(XSS) attacks. I am not really too sure how…
Cross site scripting threat
Programming
Web Development
8 Years Ago
by priyanka85
I have an input field which is showing vulnerable in security scan using XSS attack as: STYLE="xss:e/**/xpression(try{a=firstTime}catch(e){firstTime=1;alert(969)});" Could you please suggest how can we prevent from vulnerability like this ? Field: <input id="{ControlItemUniqueID}Data" style="width:150px" …
Re: ajax cross domain compatability
Programming
Web Development
13 Years Ago
by pclfw
[QUOTE=;][/QUOTE] It isn't possible for the client side javascript to access another domain. <<<<SOLUTION DELETED BY AUTHOR>>>> However this really doesn't sound like something that I would like to happen to any of my data. Sounds a lot like
cross
site
scripting
to me.
Re: Weird Codes on My Site. Virus?
Programming
Web Development
10 Years Ago
by veedeoo
… SQL Injection No vulnerabilities found File Handling No vulnerabilities found
Cross
Site
Scripting
No vulnerabilities found CRLF No vulnerabilities found Commands execution No…
Re: Was my site hacked? Please help.
Programming
Web Development
16 Years Ago
by helraizer
[QUOTE=nav33n;619765]Oh,
cross
site
scripting
! Hmm..[/QUOTE] Yeah. XSS! Some how they found an exploit …in the posting of blogs on a user's
site
in which they use the HTML <!-- Comments --> <…
Re: Was my site hacked? Please help.
Programming
Web Development
16 Years Ago
by nav33n
… your database and see the post in there.[/QUOTE] Oh,
cross
site
scripting
! Hmm..
Cyber-attack 'superfecta' statistics released
Hardware and Software
Information Security
11 Years Ago
by happygeek
…four attack vectors that comprises of
Cross
-
Site
Request Forgery (CSRF),
Cross
-
Site
Scripting
(XSS), SQL Injection and Directory Traversal.
Cross
-
Site
Request Forgery (CSRF) is an…Engineer at FireHost who continues "for example,
cross
-
site
request forgery attacks and
cross
site
scripting
attacks are extremely automated and require very little…
Re: Cyber-attack 'superfecta' statistics released
Hardware and Software
Information Security
11 Years Ago
by LastMitch
… a group of four attack vectors that comprises of
Cross
-
Site
Request Forgery (CSRF),
Cross
-
Site
Scripting
(XSS), SQL Injection and Directory Traversal. Actually to…
Read text file
Programming
Web Development
11 Years Ago
by ferdinandmucos
… Syndication','Really Simple
Scripting
','Ready-Styled
Scripting
','Really Stupid Syndication'), array(0 => '
Cross
-
site
Scripting
','
Cross
-
site
Security','Cleverly Structured
Scripting
','eXtremely Safe and …'), array(0 => 'JavaScript Object Notation','JQuery-
Scripting
Object Notation','Just Simple Object Notation','JavaScript Over the …
XSS and SQL Injection
Programming
Web Development
14 Years Ago
by cheapterp
… of them with basically the same problem: [B]
Cross
Site
Scripting
[/B] and [B]
Cross
Site
Scripting
in URI[/B]. For every input on all of… to be entered in most of the textfields on the
site
. Therefore, in addition to the [icode]<cfqueryparam cfsqltype = cf_sql_float…
A tale of two Twitter worms
Hardware and Software
Networking
15 Years Ago
by happygeek
… is legit!" Actually, what was happening was a typical
cross
site
scripting
attack, in this case spamming links across Twitter without the… was getting to grips with the StalkDaily worm so another
cross
site
scripting
attack took hold. The [URL="http://www.sophos.com…
1
2
3
5
Next
Last
Search
Search
Forum Categories
Hardware/Software
Recommended Topics
Programming
Recommended Topics
Digital Media
Recommended Topics
Community Center
Recommended Topics
Latest Content
Newest Topics
Latest Topics
Latest Posts
Latest Comments
Top Tags
Topics Feed
Social
Forums
Top Members
Meet People
Community Functions
DaniWeb Premium
Newsletter Archive
Markdown Syntax
Community Rules
Developer APIs
Connect API
Forum API Docs
Tools
SEO Backlink Checker
Legal
Terms of Service
Privacy Policy
FAQ
About Us
Advertise
Contact Us
© 2024 DaniWeb® LLC