[nycphp-talk] wonderful presentation on Tuesday
Rob Marscher
rmarscher at beaffinitive.com
Thu Apr 26 16:43:48 EDT 2007
> How ever can someone inject their code/script onto my webpage? The
> code is on my server so they don't have access to it. Am I missing
> something here?
If you allow the user to submit anything that is then displayed our
your site, they can inject javascript code unless you do a very good
job "sanitizing" the user input.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20070426/b5e32d3d/attachment.html>
More information about the talk
mailing list