: How to void JavaScript on submission? My friend is kind of web-developer, beginner. I noticed that he didn't purify his user input on form submission, so I could easily save to his DB working

My friend is kind of web-developer, beginner. I noticed that he didn't purify his user input on form submission, so I could easily save to his DB working <script>alert();</script>.

After some nice trolling with JavaScript, he changed his code to swap any < character to s. So for example writing <script>alert();</script> would save to DB as sscript>alert();s/script>.

As being friend, I want to show that this is not the solution, and here goes the question - Is it possible to void JavaScript, when this kind of "security" is used?

10.01% popularity Vote Up Vote Down

: Which browsers do not support user-defined tags? I recently added HTML5 <nav> and <footer> elements to a page, thinking that HTML5-capable browsers would use them for semantic things

@Gail5422790

Posted in: #CrossBrowser #Css #Html5 #InternetExplorer

1 Comments

: Does CloudFlare cache videos, and would this wildcard Page Rule work for that? I'm setting everything up in my website to use CloudFlare. This is my example: On videos.domain.com/Folder-A/Folder-B/

@Gail5422790

Posted in: #Cache #Cdn #Cloudflare #Video

3 Comments

: Nginx writing separately to two different logs I've recently taken over as Sysadmin of a site, and the first thing I noticed was that there were two Nginx access_logs defined: access.log and

@Gail5422790

Posted in: #Logging #Nginx #Ubuntu

1 Comments

: Is compatibility mode in IE enough for verification? I wish to verify that my web site looks ok on different versions of Internet Explorer. Do you consider it to be enough to install latest

@Gail5422790

Posted in: #InternetExplorer #InternetExplorer10 #InternetExplorer8 #InternetExplorer9 #SiteVerification

3 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Nimeshi995

JavaScript should not be used for security, never! JavaScript can easily be turned of. It is good for client validation, but everything related to security should be done on server side, and that includes filtering the inputs.

10% popularity Vote Up Vote Down

Feed

: How to void JavaScript on submission? My friend is kind of web-developer, beginner. I noticed that he didn't purify his user input on form submission, so I could easily save to his DB working

More posts by @Gail5422790

: Which browsers do not support user-defined tags? I recently added HTML5 <nav> and <footer> elements to a page, thinking that HTML5-capable browsers would use them for semantic things

: Does CloudFlare cache videos, and would this wildcard Page Rule work for that? I'm setting everything up in my website to use CloudFlare. This is my example: On videos.domain.com/Folder-A/Folder-B/

: Nginx writing separately to two different logs I've recently taken over as Sysadmin of a site, and the first thing I noticed was that there were two Nginx access_logs defined: access.log and

: Is compatibility mode in IE enough for verification? I wish to verify that my web site looks ok on different versions of Internet Explorer. Do you consider it to be enough to install latest

Login to post a comment!

1 Comments

Back to top | Use Dark Theme