At 3:10 PM -0500 4/18/11, Shawn McKenzie wrote:
On 04/18/2011 12:06 PM, tedd wrote:
Hi gang:
Quite some time ago I had a demo that showed Javascript injection. It
was where a user could type in:
<script> alert("Evil Code");</script>
and a JavaScript alert would be shown.
But now my demo no longer works. So, what happened? Was there a php
update that prohibited that sort of behavior or did hosts start setting
something to OFF, or what?
If you know, please explain.
Thanks,
tedd
Most likely like magic_quotes_gpc. Suhosin-Patch may protect against
this as well (can't remember).
--
Thanks!
-Shawn
Shawn:
Thanks, but it's something else.
Cheers,
tedd
--
-------
http://sperling.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
