in reply to Re^12: Making Perl Monks a better place for newbies (and others)
in thread Making Perl Monks a better place for newbies (and others)
- "What the PM engine receives is what the user typed into the box. What is stored in the db is what the user typed into the box."
I'm not sure I understand how storing user input in the database creates a security issue. If it's code that could run, someone would have to grab that node and .. execute it. The Everything2 engine just stores the user input, then regurgitates it when a node is displayed. The content is never executed by the engine, or by the browser.
Do you have a proof of concept node that exploits this?
Re^14: Making Perl Monks a better place for newbies (and others)
by LanX (Saint) on Feb 06, 2020 at 17:48 UTC
Re^14: Making Perl Monks a better place for newbies (and others)
by Anonymous Monk on Feb 07, 2020 at 04:27 UTC