Showing posts with label Security. Show all posts

Javascript Clean HTML

>> Tuesday, April 24, 2012

Normally when using WYSIWYG editors like CKEditor, you allow the user to enter poorly formatted HTML. This isn't really a big issue most of the time, but you have to be very careful with it: if you allow them to enter any HTML, they could easily submit a tag that carries a custom request, which is an XSS injection.

This post isn't about security, but about a little help with managing the generated HTML: I needed a function to clean empty tags, and thanks to the awesomeness of regular expressions I ended up with this little guy:


String.prototype.htmlTrim = function () {
    // Remove empty tags (opening tag, optional whitespace, matching closing tag).
    // The "g" flag removes every match instead of only the first one.
    return this.replace(/<(p|div|span|b|u|i|strong|em|h\d+)>\s*<\/\1>/g, '');
};

That will clean all empty tags, but it won't fix much more. Anyways! I think this might be helpful for some people so I'm sharing it here.

Usage is:


myString.htmlTrim();
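As an added example (not code from the original post), here is a version that goes a bit further than the single-pass regex above: it loops until nothing changes, so nested empty elements such as <div><span></span></div> disappear too, it tolerates attributes on the opening tag, and it treats &nbsp; (which CKEditor emits for blank paragraphs) as whitespace. The function name stripEmptyTags is my own.

```javascript
// Added example, not part of the original post.
// Matches an opening tag (optionally with attributes), whitespace or &nbsp;
// only, and the matching closing tag. Tag names are anchored so that <pre>,
// <br> or <spanx> are not mistaken for <p>, <b> or <span>.
const EMPTY_TAG_RE = /<(p|div|span|b|u|i|strong|em|h[1-6])(\s[^>]*)?>(?:\s|&nbsp;)*<\/\1>/gi;

function stripEmptyTags(html) {
  let out = String(html);
  let prev;
  // Removing an inner empty element can leave its parent empty, so repeat
  // until a pass makes no further change.
  do {
    prev = out;
    out = out.replace(EMPTY_TAG_RE, '');
  } while (out !== prev);
  return out;
}

// Note: elements whose only content is another tag kept by the editor,
// such as <p><br></p>, are deliberately left alone by this function.

module.exports = { stripEmptyTags };
```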


NoSQL Request Injection Attacks with PHP Magic Variables

>> Monday, March 7, 2011

A "new" and interesting injection in PHP has been pointed out, and although very easy to defend against, it's pretty interesting. You can read more about it on the php website.

