[Zope] How to filter unwanted strings within a form's textarea?

Ausum augusto@artlover.com
Thu, 12 Jul 2001 23:37:44 -0500


Just paste it in a page.
It means that a URL can be camouflaged, for example, using this 
plain simple javascript function, bypassing the pretended filter.

Fortunately my concerns are that our users have a simple aid to not
break the rule of not linking to external images. (This type of code
would be a misuse, and certainly liable to prosecution.)


Ausum


Paul Winkler wrote:
> 
> Oliver Bleutgen wrote:
> > Just be careful Ausum, you might end in a world of pain if your users get
> > ambitious:
> >
> > <div onMouseover="document.write(unescape('%3c%69%6d%67%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%7a%6f%70%65%2e%6f%72%67%2f%49%6d%61%67%65%73%2f%7a%6f%70%65%6c%6f%67%6f%2e%67%69%66%22%3e'))">
> > touch me
> > </div>
> 
> What the heck does that do?
> 
> --
> ...................    paul winkler   ....................
> custom calendars & printing: http://www.calendargalaxy.com
>        A member of ARMS:   http://www.reacharms.com
>             home page:  http://www.slinkp.com
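
An added example, not part of the original thread: it runs the snippet quoted above through a hypothetical substring blacklist, which lets it pass, and through an allowlist sanitizer built on Python's standard `html.parser`, which drops the event handler. The names `naive_filter_accepts`, `AllowlistSanitizer`, `sanitize` and the `ALLOWED_TAGS` policy are assumptions made for the illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# The snippet quoted in this thread, copied verbatim.
SAMPLE = (
    "<div onMouseover=\"document.write(unescape('"
    "%3c%69%6d%67%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%7a%6f%70%65"
    "%2e%6f%72%67%2f%49%6d%61%67%65%73%2f%7a%6f%70%65%6c%6f%67%6f%2e%67%69%66%22%3e"
    "'))\">\ntouch me\n</div>"
)

def naive_filter_accepts(text):
    """Hypothetical blacklist: reject only a literal <img tag."""
    return "<img" not in text.lower()

# Assumed policy for the textarea: a few formatting tags, no attributes at all.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "div"}

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        # Every attribute is dropped, so onMouseover, src, style never survive.
        if tag in ALLOWED_TAGS:
            self.out.append("<%s>" % tag)

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data))  # text is re-escaped, never passed raw

def sanitize(text):
    parser = AllowlistSanitizer()
    parser.feed(text)
    parser.close()
    return "".join(parser.out)

if __name__ == "__main__":
    print(naive_filter_accepts(SAMPLE))  # the blacklist lets it through
    print(unquote(SAMPLE))               # the markup hidden by percent-encoding
    print(sanitize(SAMPLE))
```

Decoding the input before applying the blacklist would catch this one encoding but not the next; the allowlist does not depend on recognising the disguise.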