[nycphp-talk] User Input Data scrubbing

Miles Rose mjrose at gmail.com
Fri Nov 28 16:47:37 EST 2008


Does anyone have any web scrapers they recommend, like Kapow or some of the others?

I want to be able to download and sort directory contents based on
certain fields.

M

On Fri, Nov 28, 2008 at 4:44 PM, Michele Waldman <mmwaldman at nyc.rr.com> wrote:
> Well, if they add a bell, form feed, cancel, end of transmitting, I'm
> removing it.  That's not a legitimate part of a comment.
>
> I don't want to remove any legitimate part of my user's comment either.
>
> If they have code samples or anything else for that matter, I want it to
> display.  I'm not, however, linking in pictures or linking urls.  People can
> cut and paste that into the browser if they want to follow up on the
> person's comments.
>
> But, I don't want to crash my website, either.
>
> XSS - cross server scripting?  Embedding your php in the code?
>
> Michele
>
> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
> Behalf Of Chris Shiflett
> Sent: Friday, November 28, 2008 3:50 PM
> To: NYPHP Talk
> Subject: Re: [nycphp-talk] User Input Data scrubbing
>
> On Nov 28, 2008, at 15:40, Michele Waldman wrote:
>
>> I'm looking at two separate issues right now: SQL injection and HTML
>> injection.
>>
>> But, I think you can kill two birds with one stone.
>
> Not if you want to adhere to best practices. XSS is not something you
> can remove. It's the result of sloppy programming.
>
> On my blog, XSS is talked about a lot, so many of the comments might
> appear to be XSS attacks. I haven't (yet) had a vulnerability in my
> comment code, despite being a constant target for attack, and despite
> the fact that I don't remove any part of anyone's comment.
>
> There's a lot of misinformation out there, so tread carefully.
>
> Chris
>
> --
> Chris Shiflett
> http://shiflett.org/
>
>
>
>
> _______________________________________________
> New York PHP User Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/show_participation.php



-- 
Read my new Planet Ronco posting: Miles and the big fish.
http://planetronco.wordpress.com/2008/10/17/the-fish-is-bigger-then-the-rodtales-of-my-ronco-pocket-fisherman/

Hate listening to phone or cell phone voice mail? Me too, Try this
exciting new service for free for 30 days
https://apps.simulscribe.com/signup/r/18420

www.disk-armor.com
PROTECT YOUR DIGITAL MEMORIES
put on once and protect your digital life
protects games, cd, dvd, photos, movies, business records and more!
www.disk-armor.com

http://nomorescratches.blogspot.com/
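As an added illustration of the approach the thread circles around (keep the user's comment intact, bind it as a parameter for the database, and escape it only at output time), here is a small PHP example. It is not code from any participant in the thread nor from Chris's blog; the `comments` table, the in-memory SQLite database, and the sample comment are constructed for the demo, and the stripping of control characters is the one input-side change Michele describes.

```php
<?php
// Added example (not code from the thread). Assumes PHP with PDO and the
// pdo_sqlite driver; the table name `comments` is a placeholder.

/**
 * Input stage: the comment is kept as typed. The only removal is the set of
 * ASCII control characters that have no meaning in text (BEL, FF, CAN, EOT...).
 * Tab, LF and CR are kept so that pasted code samples keep their layout.
 */
function normalize_comment($text)
{
    // Strip C0 controls except \t (0x09), \n (0x0A), \r (0x0D); also strip DEL (0x7F).
    return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $text);
}

/**
 * Storage stage: SQL injection is addressed by binding the value as a
 * parameter. Nothing in the comment is escaped or altered for the database.
 */
function store_comment(PDO $db, $text)
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute(array(':body' => $text));
    return (int) $db->lastInsertId();
}

function load_comment(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    return $stmt->fetchColumn();
}

/**
 * Output stage: XSS is addressed here, by escaping for the HTML context the
 * text is placed in. A comment containing <script> or <?php ... ?> is shown
 * literally. nl2br() runs after escaping, so the <br /> tags it adds are the
 * only markup that reaches the browser un-escaped.
 */
function render_comment($text)
{
    $safe = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return '<div class="comment">' . nl2br($safe) . '</div>';
}

// --- Demonstration with a constructed comment --------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY AUTOINCREMENT, body TEXT NOT NULL)');

// A code sample, a script tag, a quote that would break a naive query, and a
// BEL character (\x07) that has no business being in a comment.
$raw = "Try this:\n<?php echo \$x; ?>\n<script>alert('xss')</script>\nO'Reilly\x07";

$clean = normalize_comment($raw);      // BEL removed, every other byte kept
$id    = store_comment($db, $clean);   // quote stored safely via binding
$body  = load_comment($db, $id);       // round-trips byte-for-byte

echo render_comment($body), "\n";      // tags are displayed, not executed
```

The split of responsibilities is the point: the input filter only removes bytes that are never legitimate text, the database layer never sees raw string concatenation, and the browser only ever receives the comment through `htmlspecialchars()`. If the same comment were later emitted into a different context (a JavaScript string, a URL, an attribute), it would need that context's escaping at that output point, not a different input filter.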