On 20 May 2010 16:51, Al n...@ridersite.org wrote:
I'm not being clear. First pass is thru the blacklist, which effectually
tells hacker to not bother and totally deletes the entry.
If the raw entry gets past the blacklist, it must then only contain my
whitelist tags. e.g., the two examples
On Fri, 2010-05-21 at 14:24 +0100, David Otton wrote:
On 20 May 2010 16:51, Al n...@ridersite.org wrote:
I'm not being clear. First pass is thru the blacklist, which effectually
tells hacker to not bother and totally deletes the entry.
If the raw entry gets past the blacklist, it must
On 5/21/2010 9:24 AM, David Otton wrote:
On 20 May 2010 16:51, Al n...@ridersite.org wrote:
I'm not being clear. First pass is thru the blacklist, which effectually
tells hacker to not bother and totally deletes the entry.
If the raw entry gets past the blacklist, it must then only contain
On 21 May 2010 14:21, Ashley Sheridan a...@ashleysheridan.co.uk wrote:
I still think you might be better off using BBCode, which is used on
websites just for this very purpose. When any input comes back, you can
remove all the HTML completely and replace the BBCode tags that you
allow. This
On 5/21/2010 9:21 AM, Ashley Sheridan wrote:
On Fri, 2010-05-21 at 14:24 +0100, David Otton wrote:
On 20 May 2010 16:51, Al n...@ridersite.org wrote:
I'm not being clear. First pass is thru the blacklist, which effectually
tells hacker to not bother and totally deletes the entry.
If the
Al wrote:
On 5/21/2010 9:24 AM, David Otton wrote:
On 20 May 2010 16:51, Al n...@ridersite.org wrote:
I'm not being clear. First pass is thru the blacklist, which effectually
tells hacker to not bother and totally deletes the entry.
If the raw entry gets past the blacklist, it must then
On 5/21/2010 10:36 AM, Jim Lucas wrote:
Al wrote:
On 5/21/2010 9:24 AM, David Otton wrote:
On 20 May 2010 16:51, Al n...@ridersite.org wrote:
I'm not being clear. First pass is thru the blacklist, which effectually
tells hacker to not bother and totally deletes the entry.
If the raw
I have a password-protected, user, on-line editor that I'm hardening against
hackers just in case a user's pw is stolen or local PC is infected.
The user can enter html tags; but, I restrict the acceptable tags to benign
ones. e.g., p, b, table, etc. e.g., no embed... script... etc.
Just to
On 20 May 2010 14:53, Al n...@ridersite.org wrote:
I have a password-protected, user, on-line editor that I'm hardening against
hackers just in case a user's pw is stolen or local PC is infected.
The user can enter html tags; but, I restrict the acceptable tags to benign
ones. e.g., p, b,
On 20 May 2010 13:53, Al n...@ridersite.org wrote:
I have a password-protected, user, on-line editor that I'm hardening against
hackers just in case a user's pw is stolen or local PC is infected.
The user can enter html tags; but, I restrict the acceptable tags to benign
ones. e.g., p, b,
On Thu, 2010-05-20 at 14:27 +0100, David Otton wrote:
On 20 May 2010 13:53, Al n...@ridersite.org wrote:
I have a password-protected, user, on-line editor that I'm hardening against
hackers just in case a user's pw is stolen or local PC is infected.
The user can enter html tags; but, I
On 5/20/2010 10:07 AM, Ashley Sheridan wrote:
On Thu, 2010-05-20 at 14:27 +0100, David Otton wrote:
On 20 May 2010 13:53, Al n...@ridersite.org wrote:
I have a password-protected, user, on-line editor that I'm hardening against
hackers just in case a user's pw is stolen or local PC is
On 20 May 2010 15:52, Al n...@ridersite.org wrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine entry text to a whitelist of benign, acceptable tags. The
But that's not what you've done. You've blacklisted the following patterns:
\script\x20,
On 5/20/2010 11:23 AM, David Otton wrote:
On 20 May 2010 15:52, Al n...@ridersite.org wrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine entry text to a whitelist of benign, acceptable tags. The
But that's not what you've done. You've
On Thu, 2010-05-20 at 11:51 -0400, Al wrote:
On 5/20/2010 11:23 AM, David Otton wrote:
On 20 May 2010 15:52, Al n...@ridersite.org wrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine entry text to a whitelist of benign, acceptable tags. The
Al wrote:
On 5/20/2010 11:23 AM, David Otton wrote:
On 20 May 2010 15:52, Al n...@ridersite.org wrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine entry text to a whitelist of benign, acceptable
tags. The
But that's not what you've done.
On 5/20/2010 12:02 PM, Jim Lucas wrote:
Al wrote:
On 5/20/2010 11:23 AM, David Otton wrote:
On 20 May 2010 15:52, Al n...@ridersite.org wrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine entry text to a whitelist of benign, acceptable
tags.
On Thu, 2010-05-20 at 12:40 -0400, Al wrote:
On 5/20/2010 12:02 PM, Jim Lucas wrote:
Al wrote:
On 5/20/2010 11:23 AM, David Otton wrote:
On 20 May 2010 15:52, Al n...@ridersite.org wrote:
I agree blacklisting is a flawed approach in general. My approach is to
strictly confine
On 5/20/2010 12:43 PM, Ashley Sheridan wrote:
On Thu, 2010-05-20 at 12:40 -0400, Al wrote:
On 5/20/2010 12:02 PM, Jim Lucas wrote:
Al wrote:
On 5/20/2010 11:23 AM, David Otton wrote:
On 20 May 2010 15:52, Al n...@ridersite.org wrote:
I agree blacklisting is a flawed approach in