At 7:45 PM -0400 4/25/11, Daniel Brown wrote:
On Mon, Apr 25, 2011 at 19:12, Nathan Rixham wrote:
It is the browser, chrome will prevent execution because the code was sent
in the request, just check the javascript console and you'll see something
like:
"Refused to execute a JavaScript s
On Mon, Apr 25, 2011 at 19:12, Nathan Rixham wrote:
>
> It is the browser, chrome will prevent execution because the code was sent
> in the request, just check the javascript console and you'll see something
> like:
>
> "Refused to execute a JavaScript script. Source code of script found within
>
Stuart Dallas wrote:
On Monday, 18 April 2011 at 20:50, tedd wrote:
The form "as-is" produced a javascript alert() and now it doesn't.
This is not a browser change because it's happening before the browser sees the
response (try it with curl).
It is the browser, chrome will prevent executio
On Mon, Apr 18, 2011 at 02:42:09PM -0400, tedd wrote:
[snip]
>
> No, I had a simple form where IF the user entered:
>
> alert("Evil Code");
>
> -- into the form's text field (i.e., $_POST['text'] ) AND clicked
> Submit, the form would
>
> echo( $_POST['text'] );
>
> -- and that would produ
At 4:44 PM -0400 4/18/11, Daniel Brown wrote:
On Mon, Apr 18, 2011 at 15:50, tedd wrote:
It doesn't make any difference if I use stripslashes() or not, it still will
NOT produce a javascript alert as it used to do.
Interestingly enough, I copied your index.php file to index2.php
on the
On Mon, Apr 18, 2011 at 15:50, tedd wrote:
>
> It doesn't make any difference if I use stripslashes() or not, it still will
> NOT produce a javascript alert as it used to do.
Interestingly enough, I copied your index.php file to index2.php
on the server and modified it to use stripslashes() a
On Monday, 18 April 2011 at 20:50, tedd wrote:
> Daniel et al:
>
> Sorry -- I'm not making myself clear.
>
> The form "as-is" produced a javascript alert() and now it doesn't.
>
> It doesn't make any difference if I use stripslashes() or not, it
> still will NOT produce a javascript alert as i
At 2:46 PM -0400 4/18/11, Daniel Brown wrote:
On Mon, Apr 18, 2011 at 14:42, tedd wrote:
No, I had a simple form where IF the user entered:
alert("Evil Code");
-- into the form's text field (i.e., $_POST['text'] ) AND clicked Submit,
the form would
echo( $_POST['text'] );
-- and tha
On Mon, 2011-04-18 at 14:42 -0400, tedd wrote:
> At 1:09 PM -0400 4/18/11, Joshua Kehn wrote:
> >On Monday, April 18, 2011 at 1:06 PM, tedd wrote:
> >
> >>Hi gang:
> >>
> >>Quite some time ago I had a demo that showed Javascript injection. It
> >>was where a user could type in:
> >>
> >> alert("Ev
On Mon, Apr 18, 2011 at 14:42, tedd wrote:
>
> No, I had a simple form where IF the user entered:
>
> alert("Evil Code");
>
> -- into the form's text field (i.e., $_POST['text'] ) AND clicked Submit,
> the form would
>
> echo( $_POST['text'] );
>
> -- and that would produce a JavaScript Alert.
>
At 1:09 PM -0400 4/18/11, Joshua Kehn wrote:
On Monday, April 18, 2011 at 1:06 PM, tedd wrote:
Hi gang:
Quite some time ago I had a demo that showed Javascript injection. It
was where a user could type in:
alert("Evil Code");
and a JavaScript alert would be shown.
But now my demo no longer
s with systems that are on life support...
>
>
> -Original Message-
> From: Jim Giner [mailto:jim.gi...@albanyhandball.com]
> Sent: Monday, April 18, 2011 2:03 PM
> To: php-general@lists.php.net
> Subject: Re: [PHP] JavaScript Injection ???
>
>
>
lto:jim.gi...@albanyhandball.com]
Sent: Monday, April 18, 2011 2:03 PM
To: php-general@lists.php.net
Subject: Re: [PHP] JavaScript Injection ???
wrote in message
news:005501cbfdeb$457839c0$d068ad40$@com...
> Javascript:alert("Hello World");
> The browsers have had many updates since last I se
wrote in message
news:005501cbfdeb$457839c0$d068ad40$@com...
> Javascript:alert("Hello World");
> The browsers have had many updates since last I seen this work.
>
?? You're saying that "alert" doesn't work on your browse? Gee - it works
on mine.
--
PHP General Mailing List (http://www.p
On Mon, 2011-04-18 at 22:43 +0530, Shreyas Agasthya wrote:
> Is someone up to Cross Site Scripting? ;)
>
> --Shreyas
>
> On Mon, Apr 18, 2011 at 10:39 PM, Joshua Kehn wrote:
>
> > On Monday, April 18, 2011 at 1:06 PM, tedd wrote:
> > Hi gang:
> > >
> > > Quite some time ago I had a demo that s
Is someone up to Cross Site Scripting? ;)
--Shreyas
On Mon, Apr 18, 2011 at 10:39 PM, Joshua Kehn wrote:
> On Monday, April 18, 2011 at 1:06 PM, tedd wrote:
> Hi gang:
> >
> > Quite some time ago I had a demo that showed Javascript injection. It
> > was where a user could type in:
> >
> > aler
tedd [mailto:t...@sperling.com]
Sent: Monday, April 18, 2011 1:06 PM
To: php-general@lists.php.net
Subject: [PHP] JavaScript Injection ???
Hi gang:
Quite some time ago I had a demo that showed Javascript injection. It
was where a user could type in:
alert("Evil Code");
and a JavaScript a
On Monday, April 18, 2011 at 1:06 PM, tedd wrote:
Hi gang:
>
> Quite some time ago I had a demo that showed Javascript injection. It
> was where a user could type in:
>
> alert("Evil Code");
>
> and a JavaScript alert would be shown.
>
> But now my demo no longer works. So, what happened? Was
Hi gang:
Quite some time ago I had a demo that showed Javascript injection. It
was where a user could type in:
alert("Evil Code");
and a JavaScript alert would be shown.
But now my demo no longer works. So, what happened? Was there a php
update that prohibited that sort of behavior or did
19 matches
Mail list logo