Re: [WebDNA] XSS and getting rid of HTML codes
This WebDNA talk-list message is from 2018
It keeps the original formatting.
numero = 114210
interpreted = N
texte = 1813��Great :-)��Thank you.��Yours,��Me.��> On 29 Apr 2018, at 19:40, Kenneth Grome =�wrote:�>=20�> Check your formvariables for "java" and "script", then redirect�> somewhere else when they contain one or both:�>=20�> [text]bad=3D[formvariables][value][/formvariables][/text]�>=20�> [if ("[bad]"^"java") | ("[bad]"^"script")]�> [then][redirect /index.html][/then]�> [/if]�>=20�> Regards,�> Kenneth Grome�> WebDNA Solutions�> http://www.webdnasolutions.com�> Web Database Systems and Linux Server Administration�>=20�>=20�>=20�> On 04/29/2018 10:31 AM, Office wrote:�>> it seems like while playing with the variables in any HTML i can =�inject ugly commands to the web pages�>> And also people can use the "cart=3D=E2=80=9C to make injection�>> like here:�>> =�http://www.domain.XXX/tmpl.tmpl?cart=3D15250157251258505