On 5/21/2010 9:24 AM, David Otton wrote:
On 20 May 2010 16:51, Al<n...@ridersite.org> wrote:
I'm not being clear. First pass is thru the blacklist, which effectually
tells hacker to not bother and totally deletes the entry.
If the raw entry gets past the blacklist, it must then only contain my
whitelist tags. e.g., the two examples you cited were caught by the
Ah, gotcha. That seems like a much better approach to me. But if the
whitelist's going to stop the submission, then why bother with a
blacklist at all?
Like I said above, First pass is thru the blacklist, which effectually
tells hackers to not bother and totally deletes the entry.
Also, it's possible that one of my non-techie users can unwittingly enter hack
code. I want to make a big deal of it. My error messages says in red "Illegal
code entered. It was not saved. Reenter your text without it." Remember, I show
them the error segment so they know exactly what the problem is. There is also
another msg which says to contact tech support with a link.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php