in reply to Re: (nrd) Filtering potentially dangerous URI schemas in <a href="...">
in thread Filtering potentially dangerous URI schemas in <a href="...">
Sure it has legimate uses. The problem is that allowing third party to put arbitrary javascript code on a web site is insecure. It is called Cross Site Scripting.
I'd like to suggest that if any sort of link filtering were to be done on Perl Monks, let it be the removal of onLoad and onUnload JavaScript actions.
IIRC filtering of these and similar attributes is already implemented.
--
Ilya Martynov, ilya@iponweb.net
CTO IPonWEB (UK) Ltd
Quality Perl Programming and Unix Support
UK managed @ offshore prices - http://www.iponweb.net
Personal website - http://martynov.org
|
---|