PerlMonks  

(ichimunki) Re x 3: Is this CGI search secure?

by ichimunki (Priest)
on Jul 23, 2001 at 18:37 UTC


in reply to Re: (Ovid) Re: Is this CGI search secure?
in thread Is this CGI search secure?

Not that you are going to worry about this too much if the search input is only reused on a page returned to that very user, but you may want to do something to escape any HTML that is included in the user input before it gets sent back to the browser (in an HTML document). At best, it will goof up the display (i.e. the browser will interpret the tags as tags). At worst, if one user is allowed to enter input that will be output to another user, there is significant potential for foul play (JavaScript, pictures of Barney... people do weird stuff if this hole is open).
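The escaping described in the post above, as an added example that is not part of the original post or thread: a core-Perl sketch that encodes a search term before echoing it in body text and in an attribute value, and does the same for stored records shown to other users. The helper names `escape_html` and `render_results` and the sample data are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Characters that are significant in HTML text and in quoted attribute values.
my %HTML_ENTITY = (
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&#39;',
);

# escape_html (hypothetical helper): turn markup characters in untrusted text
# into entities so the browser displays them instead of interpreting them.
sub escape_html {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/([&<>"'])/$HTML_ENTITY{$1}/g;
    return $text;
}

# render_results (hypothetical helper): build the part of the results page
# that echoes the query (body text and attribute value) and lists the hits.
sub render_results {
    my ($query, @hits) = @_;
    my $safe = escape_html($query);
    my $html = qq{<p>Results for "$safe":</p>\n};
    $html .= qq{<input type="text" name="q" value="$safe">\n};
    $html .= "<ul>\n";
    # Stored records may come from other users, so they are escaped as well.
    $html .= "  <li>" . escape_html($_) . "</li>\n" for @hits;
    $html .= "</ul>\n";
    return $html;
}

# Constructed sample input: a search term containing markup, and two stored
# records, one of which carries a script tag entered by a different user.
my $query = q{<i>perl</i> & "cgi"};
my @hits  = ('Plain record', q{Record with <script>alert(1)</script> in it});

print render_results($query, @hits);
```

Escaping is applied at output time, so the original text stays intact in storage and the same value can be encoded differently for other contexts such as URLs.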