[nycphp-talk] Client vs. Server programming
Keith Casey
mailinglists at caseysoftware.com
Thu Sep 21 18:12:41 EDT 2006
On 9/21/06, LK <lk613m at yahoo.com> wrote:
> copying user inputs from the $_POST array back into the HTML for *each* input
> field with <?php echo $_POST[] ?>, not to mention session state and other
And regardless of the validation others have noted, if you're simply
taking user input and dumping it to the screen you're in for a world
of hurt. Here's a quick sample of some of the trouble you could
cause: http://seoblackhat.com/2006/09/18/best-xss-ever/
And that's just simple html not causing any problems...
kc
--
D. Keith Casey Jr.
CEO, CaseySoftware, LLC
http://CaseySoftware.com
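As an added example (not from Keith's post or anything else in the thread), here is the echo-back pattern the thread is discussing next to an escaped version; the field name `email`, the helpers `e()` and `field()`, and the UTF-8 charset are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not from the original thread. Field name "email" and the
// helpers e() and field() are assumptions made for illustration.

// Escape a value for HTML body text or a double-quoted attribute.
// ENT_QUOTES also encodes single quotes; the charset passed here must match
// the charset the page is actually served with.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Only ever hand a string to the template: a missing field becomes '', and
// an array submitted under the same name (email[]=...) is not echoed at all.
function field(array $post, string $name): string
{
    $v = $post[$name] ?? '';
    return is_string($v) ? $v : '';
}

// Render the sticky form field. Keeping the escaping in one place makes it
// easy to grep for any echo of $_POST that bypasses e().
function renderEmailField(array $post): string
{
    $email = field($post, 'email');
    return '<input type="email" name="email" value="' . e($email) . '">';
}

// Unsafe pattern from the thread, kept here only as a comment: the raw value
// lands inside the attribute unchanged, so a quote in the input ends the
// attribute and whatever follows is parsed as markup.
// echo '<input name="email" value="' . $_POST['email'] . '">';

// Declare the charset the escaping above assumed.
header('Content-Type: text/html; charset=UTF-8');
echo renderEmailField($_POST);
```

The same `e()` helper is the right tool for any other place `$_POST` values end up in HTML text or attributes; JavaScript or URL contexts need their own encoders, not this one.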