|
in reply to Re: Any security holes?
in thread Any security holes?
Wow - yes I deleted the whole @pairs codebit and it still worked. I,m a total nitwit with coding so thanx - I,m just playing around and trying things out. The html-injection/cross scripting thing seems dangerous indeed, so okay - I learned its possible to "escape characters" - I would like to do that - do you have a suggestion (example code) for that? |
Re^3: Any security holes?
by LanX (Saint) on Jun 26, 2022 at 21:51 UTC
|
| [reply] |
|
|
I don't know how or where to implement it in my .pl file, could u help? It seems that this would do the trick:
$encoded = encode_entities($input, '<>&"');
It seems this would negate all these characters and thats exactly what i want - but how?
| [reply]
[d/l] |
Re^3: Any security holes?
by haj (Vicar) on Jun 28, 2022 at 08:32 UTC
|
I'm just playing around and trying things out.
I hope you are aware that running CGI programs in the internet is not a good idea for trying things out. The internet as a whole is not a particularly friendly place. When a new server starts to respond on Port 80, it takes just some minutes before robots will start poking it for security holes. If you point your friends to use your new playground, you're putting them at risk because their browser might run malicious code.
| [reply] |
|
