Simon
Hi,
I have a site where users have been granted a lot of flexibility when it
comes to entries.
They cannot add any code as far as I can see that would harm the server, but
they could add JavaScript code that could be harmful to visitors, (or just
annoying).
So I want to prevent them from running bad scripts on the visitors of their
pages.
Scripts like...
What I was thinking of doing was
1) Send me an email when any user adds an entry with the word "<SCRIPT" in
it
2) Send me an email when any user adds an entry with the word "<EMBED" in it
3) Replace "location.replace(...)" with "/*location.replace*/(...)" to
prevent being redirected to another page on load.
Would point 1) and 2) ensure that I catch all the possible scripts, (or is
there another way of starting a script)?
What other code do you think I should 'monitor'?
Simon
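
Added example, not part of the original post: a review check that parses each entry as HTML instead of searching for the strings "<SCRIPT" and "<EMBED", so it also reports event-handler attributes and script-capable URL schemes, which run script without either tag. The names `EntryAuditor` and `audit_entry` and the policy lists are hypothetical, and the sample entries are constructed.

```python
from html.parser import HTMLParser

# Constructed policy lists for this example; adjust them to your own site.
SCRIPT_TAGS = {"script", "embed", "object", "iframe", "frame", "applet",
               "base", "meta", "link", "style", "svg", "math"}
URL_ATTRS = {"href", "src", "action", "formaction", "data", "background"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:")


class EntryAuditor(HTMLParser):
    """Collects reasons why a user entry should be held for review."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and decodes
        # character references in attribute values before we see them.
        if tag in SCRIPT_TAGS:
            self.findings.append(f"tag <{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS:
                # Drop whitespace and control characters before comparing,
                # so "java<TAB>script:" is treated like "javascript:".
                compact = "".join(c for c in (value or "") if c > " ").lower()
                if compact.startswith(BAD_SCHEMES):
                    scheme = compact.split(":")[0]
                    self.findings.append(f"{name} uses {scheme}: on <{tag}>")


def audit_entry(html_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    auditor = EntryAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    samples = [  # constructed sample entries
        "<p>Hello <b>world</b></p>",
        "<SCRIPT>alert(1)</SCRIPT>",
        '<img src="x.png" onerror="alert(1)">',
        '<a href="JaVa\tScript:alert(1)">x</a>',
    ]
    for entry in samples:
        print(repr(entry), "->", audit_entry(entry) or "clean")
```

This only flags entries for review, in the same spirit as the e-mail alerts in points 1) and 2); it does not rewrite or sanitize the entry.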