Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;)

This WebDNA talk-list message is from 2009.


Hi Frank,

This is the solution which I already use. I just don't think it's elegant enough and I can't print code snippets without destroying [xxx] and <xxx>, and without that the context is ruined.

An example of my code below...:

[include file=greps/code.inc&raw=F&the_text=[url][RemoveHTML][the_db_text][/RemoveHTML][/url]]

[convertwords db=/databases/WordConversions.db][the_text][/convertwords]

The grep is the following...:

[text]the_text=[convertchars db=/databases/MyConversions.db][the_text][/convertchars][/text]
[!] -- do offsite links [/!]
[text]the_text=[grep search=http:\/\/&replace=][text]the_text[/text][/grep][/text]
[text]the_text=[grep search=\[link=([^[unurl]%5D[/unurl]]*)\]([^[unurl]%5B[/unurl]]*)\[/link\]&replace=<a href="http://\1">\2</a>][text]the_text[/text][/grep][/text]

All input is welcome...

Palle

On 15/06/2009, at 20.44, Frank Nordberg wrote:

> Palle Bo Nielsen wrote:
>> Hi all,
>> How do you protect yourself from bad code submitted to a form field.
>> How do you make sure that e.g. HTML can be made visible with the
>> right syntax but no executable when submitted from a form field?
>
> I think the standard solution for webforum scripts regardless of
> programming language is to strip *all* html from the input and then
> add a set of custom codes for html tags that are allowed. This is
> easily done in WebDNA using [RemoveHTML] and [ConvertWords]. You can
> of course use the same procedure to filter out non-acceptable WebDNA
> tags from the input.
>
> Frank Nordberg
> http://www.musicaviva.com
>
> ---------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list <talk@webdna.us>.
> To unsubscribe, E-mail to: <talk-leave@webdna.us>
> archives: http://mail.webdna.us/list/talk@webdna.us
> old archives: http://dev.webdna.us/TalkListArchive/
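The "strip all HTML, then re-add a set of custom codes" approach Frank describes, and the [link=...]...[/link] grep Palle posts, as an added example in Python (the list is about WebDNA; this is not code from the thread or from the WebDNA project). It assumes a single whitelisted custom code, [link=target]label[/link], and it escapes markup rather than deleting it, so that a literal <xxx> in a code snippet stays visible; the link-target character set, the bracket-to-entity step and the sample inputs are this example's own assumptions:

```python
import html
import re

# Hypothetical whitelist: the only custom code turned back into HTML is
# [link=target]label[/link], modelled on the [link=...] grep in the posting.
LINK_RE = re.compile(r"\[link=([^\]]+)\]([^\[]*)\[/link\]")

# Targets are host/path only (no scheme, no quotes, no spaces). Because the
# text was already HTML-escaped, a quote or angle bracket in the target shows
# up as an entity and fails this check, as does any scheme such as javascript:.
SAFE_TARGET_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._~/%?=-]*$")


def _link_to_html(match: re.Match) -> str:
    """Render one [link=...]...[/link] match, or leave it as visible text."""
    target, label = match.group(1), match.group(2)
    # The posting strips http:// first and re-adds it in the replacement;
    # do the same so the href is always http:// followed by host/path.
    if target.lower().startswith("http://"):
        target = target[len("http://"):]
    if not SAFE_TARGET_RE.match(target):
        return match.group(0)  # unsafe target: show the code literally
    return f'<a href="http://{target}">{label}</a>'


def sanitize(user_text: str, neutralise_brackets: bool = True) -> str:
    """Escape all HTML in user_text, then re-enable the whitelisted [link] code.

    With neutralise_brackets=True the remaining '[' and ']' are emitted as
    numeric entities, so a template engine that interprets [tags] (as WebDNA
    does) sees no tags in the stored text, while a browser still shows the
    brackets. Whether that step is needed depends on how the stored text is
    rendered later; it is an assumption of this example.
    """
    # Step 1: neutralise every tag. Escaping instead of deleting keeps a
    # literal <xxx> in a code snippet visible, which RemoveHTML would drop.
    escaped = html.escape(user_text, quote=True)
    # Step 2: re-introduce only the whitelisted custom code.
    with_links = LINK_RE.sub(_link_to_html, escaped)
    # Step 3 (optional): make leftover square brackets inert for [tag] engines.
    if neutralise_brackets:
        with_links = with_links.replace("[", "&#91;").replace("]", "&#93;")
    return with_links


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the list.
    for sample in (
        "see [link=example.com/docs]the docs[/link] for [xxx] and <xxx>",
        "<script>alert(1)</script>",
        "[link=javascript:alert(1)]x[/link]",
    ):
        print(repr(sample), "->", sanitize(sample))
```

The order of the steps is the point: escaping first means the only angle brackets in the output are the ones the whitelist itself generates, and an unacceptable link target falls back to plain escaped text instead of being dropped silently, so the author can see what was rejected.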
Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
  2. RE: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) ("Olin Lagon" 2009)
  3. Re: [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Brian Fries 2009)
  4. [WebDNA] Protect TextArea and other Input-Fields with WebDNA - Something to talk about ;) (Palle Bo Nielsen 2009)
