PerlMonks  

Re: (nrd) Filtering potentially dangerous URI schemas in <a href="...">

by newrisedesigns (Curate)
on Oct 20, 2002 at 13:35 UTC (#206650)


in reply to Filtering potentially dangerous URI schemas in <a href="...">

Perl Monks has a pretty good filtering system so that all nodes that contain malicious or copyrighted content are quickly filtered out.

I don't like JavaScript, but it does have some useful and entertaining uses.

I'd like to suggest that if any sort of link filtering were to be done on Perl Monks, let it be the removal of onLoad and onUnload JavaScript actions. They're the sneaky ones, for they will execute without user intervention (and most likely without the user's knowledge).

You could also surf with JavaScript turned off... ;)

John J Reiser
newrisedesigns.com


Replies are listed 'Best First'.
Re: Re: (nrd) Filtering potentially dangerous URI schemas in <a href="...">
by IlyaM (Parson) on Oct 20, 2002 at 13:57 UTC
    I don't like JavaScript, but it does have some useful and entertaining uses.

    Sure it has legitimate uses. The problem is that allowing a third party to put arbitrary javascript code on a web site is insecure. It is called Cross Site Scripting.

    I'd like to suggest that if any sort of link filtering were to be done on Perl Monks, let it be the removal of onLoad and onUnload JavaScript actions.

    IIRC filtering of these and similar attributes is already implemented.

    --
    Ilya Martynov, ilya@iponweb.net
    CTO IPonWEB (UK) Ltd
    Quality Perl Programming and Unix Support UK managed @ offshore prices - http://www.iponweb.net
    Personal website - http://martynov.org

Re: Re: (nrd) Filtering potentially dangerous URI schemas in <a href="...">
by dws (Chancellor) on Oct 20, 2002 at 17:00 UTC
    I don't like JavaScript, but it does have some useful and entertaining uses.

    Listening to both sides, I'm hearing

    "It's all fun and games until someone gets an eye poked out."
    I'll side with IlyaM on this. Arbitrary Javascript in URL schemes is Not A Good Thing.
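
The filtering discussed in this thread (dropping event-handler attributes such as onLoad/onUnload and refusing script-bearing URL schemes in `<a href>`), sketched as an added example; it is not PerlMonks' own filter or code from any poster. The allowlists and the names `safe_href` and `sanitize` are assumptions made for illustration, and the sample inputs in the checks are constructed.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlists for this sketch; a real site would choose its own.
ALLOWED_SCHEMES = {"http", "https", "mailto"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "b": set(), "i": set(), "p": set()}
C0_AND_SPACE = "".join(map(chr, range(0x21)))

def safe_href(value):
    """True if an entity-decoded href is relative or uses an allowed scheme."""
    # Normalise as browsers do: trim control chars/space from both ends,
    # then drop tab, CR and LF wherever they occur.
    url = re.sub(r"[\t\r\n]", "", value.strip(C0_AND_SPACE))
    head = re.split(r"[/?#]", url, maxsplit=1)[0]
    if ":" not in head:
        return True  # no scheme present: relative reference
    return head.split(":", 1)[0].lower() in ALLOWED_SCHEMES

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_ATTRS:
            return  # unknown tag dropped, its text is kept
        kept = []
        for name, value in attrs:  # values arrive entity-decoded
            if name not in ALLOWED_ATTRS[tag]:
                continue  # removes onload, onunload, onclick, style, ...
            if name == "href" and not safe_href(value or ""):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_ATTRS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(markup):
    parser = Sanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

Allowlisting attributes and schemes, rather than blocklisting onLoad or `javascript:` by name, is what keeps mixed-case, entity-encoded or whitespace-split spellings from slipping through.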
