Thread: sanitize tags

  1. #1

    sanitize tags

    Hi,
    Just observed that the tags are not sanitized, thus leading to XSS.
    Please add this function.

    thanks !

  2. #2

    I will add it.

  3. #3

    Yeah, please add it ASAP, I was able to insert JavaScript into tags.
    thanks

  4. #4

    k.. anyone can even put ads using tags.
    I don't post the XSS code, but yab please fix ASAP.


    thanks

  5. #5

    I think that is not an issue. The JavaScript appears but could not run: the code has been already evaluated. What the tag shows depends on the user, but you can delete the weird issue later.

  6. #6

    Quote: Originally posted by yabsoft
    I think that is not an issue. The JavaScript appears but could not run: the code has been already evaluated. What the tag shows depends on the user, but you can delete the weird issue later.

    But at least, the HTML tags are displaying.
    In my site someone had put <h1>message</h1> as tags, and it became h1.
    htmlentities is good to block XSS.
    Example:
    $tags = htmlentities($tag, ENT_QUOTES);

    But I don't know how to integrate it into the script.
    thanks
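
One way to wire the `htmlentities` call from post #6 into the place where tags are printed, as an added example that is not part of the thread or of the script's own code. The function names, the `search.php?tag=` URL and the sample tags are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape one value for HTML text or a quoted attribute.
function escape_tag(string $tag): string
{
    // ENT_QUOTES encodes both " and ' so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlentities($tag, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer: builds the tag links shown under an image.
function render_tag_links(array $tags): string
{
    $links = [];
    foreach ($tags as $tag) {
        $tag = trim((string) $tag);
        if ($tag === '') {
            continue; // skip empty tags
        }
        // URL context first (rawurlencode for the query value),
        // then HTML-escape the complete attribute value.
        // 'search.php?tag=' is an assumed URL, not the script's real one.
        $href = escape_tag('search.php?tag=' . rawurlencode($tag));
        // Text context: the visible label is escaped separately.
        $links[] = '<a href="' . $href . '">' . escape_tag($tag) . '</a>';
    }
    return implode(', ', $links);
}

// Constructed sample input: tags as users might have submitted them.
$storedTags = ['holiday', '<h1>message</h1>', 'rock & roll', "o'reilly \"books\""];

echo "Printed without escaping (markup reaches the browser):\n";
echo implode(', ', $storedTags), "\n\n";

echo "Printed through render_tag_links (markup shown as text):\n";
echo render_tag_links($storedTags), "\n";
```

Escaping is applied where the tag is written into the page, so tags already stored in the database are covered without having to be cleaned first.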
