It occurred to me while writing my CMS the other day that one tag I definitely had to filter out was both sides of the comment tag: [!-- and --].
You see, you can easily destroy a guestbook or forum or anything that allows you to enter HTML by just placing the beginning of a comment tag in one spot and then, in another post a while later, posting the finish.
Also, I'd suggest censoring TABLE, IFRAME, IMG, ILAYER, SPAN, TD, TR, and their closing counterparts. A good webmaster could take over a page that way: they can close out all of your tags, start their own tags and have their own site going, which is obviously not good.
Need help in censoring these tags?
// Assuming your variable is called myvar.
Code:
<CFLOOP list="[!--,--]" index="badTag">
    <CFSET myvar = ReplaceNoCase(myvar, "#badTag#", "", "ALL")>
</CFLOOP>
// You'll notice that I'm using square brackets rather than
// the standard HTML brackets. That is just
// for demonstration; all you need to do in your code is
// change to the proper bracket.
Thanks,
Tony Hicks [ Founder of online bible ]
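An added example, not Tony's code and not part of the original post: a Python port of the single-pass ReplaceNoCase stripping shown above (with real angle brackets), a constructed input that survives it, and the alternative a practitioner would reach for instead. The bypass inputs, the allowed-tag list (b, i, a with an http/https href) and the function names are assumptions made up for this illustration. The point it shows is that removing a blacklisted substring once is not enough, because a post can nest the token inside a copy of itself so that the inner copy is removed and the outer one reassembles; and that an unclosed tag or comment should be neutralised by a parser that only lets whitelisted tags through, escapes all other text, drops comments outright, and closes whatever the post left open, so a guestbook entry cannot close the page's own TABLE/TD/TR and start its own.

```python
import html
import re
from html.parser import HTMLParser


def strip_blacklist(text, bad_tokens):
    """One case-insensitive removal pass per token, like the ReplaceNoCase loop."""
    for tok in bad_tokens:
        text = re.sub(re.escape(tok), "", text, flags=re.IGNORECASE)
    return text


def nest(token, split_at=2):
    """Constructed bypass input: a token wrapped around a copy of itself.
    One pass removes the inner copy and the outer halves join back up."""
    return token[:split_at] + token + token[split_at:]


# Constructed bypass for the comment filter: stripping "<!--" once, then
# "-->" once, leaves the pieces "<!" + "--", i.e. a live comment opener.
COMMENT_BYPASS = "<!<!---->--"

# Whitelist sanitizer (assumed policy for this example): only these tags and
# attributes survive; everything else is dropped and all text is escaped.
ALLOWED = {"b": set(), "i": set(), "a": {"href"}}
SAFE_SCHEMES = ("http://", "https://")


class WhitelistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []  # stack of tags we emitted and still owe a close for

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # unknown tag is dropped, not echoed
        kept = ""
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue
            if name == "href" and not value.strip().lower().startswith(SAFE_SCHEMES):
                continue  # javascript:, data:, etc. never make it through
            kept += f' {name}="{html.escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open_tags:
            return  # a close for something we never opened (e.g. </table>) is ignored
        while self.open_tags:
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        self.out.append(html.escape(data))  # literal text can never form a tag

    # Comments, <!DOCTYPE ...> and <?...?> never reach the output, so an
    # unterminated comment in one post cannot swallow the posts after it.
    def handle_comment(self, data):
        pass

    def handle_decl(self, decl):
        pass

    def handle_pi(self, data):
        pass

    def result(self):
        self.close()
        while self.open_tags:  # close anything the post left dangling
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(text):
    parser = WhitelistSanitizer()
    parser.feed(text)
    return parser.result()


if __name__ == "__main__":
    print(strip_blacklist(COMMENT_BYPASS, ["<!--", "-->"]))  # <!--   (filter defeated)
    print(strip_blacklist(nest("<table>"), ["<table>"]))     # <table>
    print(sanitize(COMMENT_BYPASS))                          # no "<" at all
    print(sanitize("</td></table><table><tr><td>my site"))  # my site
    print(sanitize("<b>bold <i>both"))                       # <b>bold <i>both</i></b>
```

If the guestbook does not actually need HTML from its users, the simplest correct fix is `html.escape` on the whole post at output time, which is what `handle_data` does above for everything outside the whitelist; the parser is only worth the extra code when a few tags really must be allowed.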