I am going to be allowing users on my website to upload and edit their
own HTML files. I want the location of these files to be in the
directory tree which is handled by Embperl (because I want EmbperlObject
to be doing some work).
Obviously it would be undesirable to let arbitrary Perl code be included
in such HTML files, so I will be stripping out all instances of the
following tokens when files are uploaded or edited:
[-
[+
[!
[*
[$
... and the closing versions of these tokens too. It seems to me that
this would effectively prevent any code from being executed in these
files. But I want to run this by you more experienced heads out there.
Am I missing something that would allow a sneaky user to get some code
executed in the HTML? I am using Apache on Linux, and server-side
includes are disabled. Anything else I am missing?
Any ideas welcomed.
TIA
-Neil
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
