Dave Cobb wrote:

> I need to parse input from a form so only alphanumeric and numeric
> characters are let through.  I know this is easy in Perl as I use code and parse
> forms using Perl, however using VBscript in ASP is a different matter. (although not
> impossible I will complete this today).

I don't know about VBScript, but JScript has a regular expression object in ASP. This
can be used just like Perl (for the most part) to parse out invalid characters. In
VBScript, there's a Filter function, that can take a list of strings, and returns only
those that match the filter criteria. I don't know if this is what you want, though.


> The way which it works is that ANY command can be passed from the form,
> this makes it futureproof - BUT here is the security risk.  If any command
> is passed then someone can hack the commands passed from the form and
> execute anything on a command line basis.  Therefore parsing form contents
> is required, e.g. no carriage returns or \n\r, etc.

As Stephen says, you definitely need to use the array of forbidden commands - and this
should be something that can be set by the sysadmin, as there are commands the sysadmin
may not want allowed from the form.

This really shouldn't be too hard to implement and the only future changes that would
have to be made would be to add new unsafe entries to the default forbidden list -- not
too hard a task.

HTH,

--
Jeremy Wadsack
Digital Media Consultant
___________________________
Wadsack-Allen Digital Group
http://www.wadsack-allen.com/digitalgroup/


------------------------------------------------------------------------
This is the analog-help mailing list. To unsubscribe from this
mailing list, send mail to [EMAIL PROTECTED]
with "unsubscribe analog-help" in the main BODY OF THE MESSAGE.
List archived at http://www.mail-archive.com/analog-help@lists.isite.net/
------------------------------------------------------------------------
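
Added example, not part of the original message or of any project's code: one way to combine the two ideas in this thread, a regular-expression allowlist for form fields and a sysadmin-editable forbidden-command list. It is written in modern JavaScript so it runs under Node rather than classic ASP JScript; the command names, length limits and function names are assumptions made up for illustration.

```javascript
// Sysadmin-editable list of commands that may never come from the form.
// The entries are constructed sample values, not a real default list.
const DEFAULT_FORBIDDEN = ["OUTFILE", "CONFIGFILE"];

// Anchored patterns: the WHOLE string must match, so CR, LF, spaces and
// shell metacharacters cause rejection instead of being silently stripped.
// In JavaScript, `$` without the `m` flag matches only at the very end of
// input; in Perl it also matches before a trailing newline.
const COMMAND_RE = /^[A-Za-z0-9]{1,32}$/;
const VALUE_RE = /^[A-Za-z0-9]{1,128}$/;

// Build a validator bound to one forbidden list (hypothetical helper).
function makeValidator(forbidden) {
  // Compare case-insensitively so "outfile" cannot slip past "OUTFILE".
  const blocked = new Set(forbidden.map((c) => c.toUpperCase()));
  return function validate(fields) {
    const accepted = [];
    const rejected = [];
    for (const [name, value] of fields) {
      if (typeof name !== "string" || !COMMAND_RE.test(name)) {
        rejected.push({ name, reason: "bad command name" });
      } else if (blocked.has(name.toUpperCase())) {
        rejected.push({ name, reason: "forbidden command" });
      } else if (typeof value !== "string" || !VALUE_RE.test(value)) {
        rejected.push({ name, reason: "bad value" });
      } else {
        accepted.push([name.toUpperCase(), value]);
      }
    }
    return { accepted, rejected };
  };
}

// Constructed sample submission: one clean field and three that must fail.
const sampleForm = [
  ["LANGUAGE", "ENGLISH"],
  ["outfile", "report"],                  // on the forbidden list
  ["HOSTNAME", "example\r\nOUTFILE x"],   // CR/LF smuggled into a value
  ["FLOOR;rm", "10"],                     // metacharacter in the name
];
const result = makeValidator(DEFAULT_FORBIDDEN)(sampleForm);
console.log(JSON.stringify(result, null, 2));
```

Rejected fields are reported with a reason rather than cleaned up, so a log of the `rejected` array shows attempts to pass forbidden commands or control characters.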
