Re: (nrd) Filtering potentially dangerous URI schemas in <a href="...">

Perl Monks has a pretty good filtering system so that all nodes that contain malicious or copyrighted content are quickly filtered out.

I don't like JavaScript, but it does have some useful and entertaining uses.

I'd like to suggest that if any sort of link filtering were to be done on Perl Monks, let it be the removal of onLoad and onUnload JavaScript actions. They're the sneaky ones, for they will execute without user intervention (and most likely without the user's knowledge).

You could also surf with JavaScript turned off... ;)

John J Reiser
newrisedesigns.com

Comment on Re: (nrd) Filtering potentially dangerous URI schemas in <a href="...">

Replies are listed 'Best First'.
Re: Re: (nrd) Filtering potentially dangerous URI schemas in <a href="..."> by IlyaM (Parson) on Oct 20, 2002 at 13:57 UTC
I don't like JavaScript, but it does have some useful and entertaining uses. Sure it has legimate uses. The problem is that allowing third party to put arbitrary javascript code on a web site is insecure. It is called Cross Site Scripting. I'd like to suggest that if any sort of link filtering were to be done on Perl Monks, let it be the removal of onLoad and onUnload JavaScript actions. IIRC filtering of these and similar attributes is already implemented. -- Ilya Martynov, ilya@iponweb.net CTO IPonWEB (UK) Ltd Quality Perl Programming and Unix Support UK managed @ offshore prices - http://www.iponweb.net Personal website - http://martynov.org	[reply]
Re: Re: (nrd) Filtering potentially dangerous URI schemas in <a href="..."> by dws (Chancellor) on Oct 20, 2002 at 17:00 UTC
I don't like JavaScript, but it does have some useful and entertaining uses. Listening to both sides, I'm hearing "It's all fun and games until someone gets an eye poked out." I'll side with IlyaM on this. Arbitrary Javascript in URL schemes is Not A Good Thing.	[reply]


Syntactic Confectionery Delight
	PerlMonks