Stuart Dallas wrote:
On Monday, 18 April 2011 at 20:50, tedd wrote:
The form as-is produced a javascript alert() and now it doesn't.
This is not a browser change because it's happening before the browser sees the
response (try it with curl).
It is the browser, chrome will prevent execution
On Mon, Apr 25, 2011 at 19:12, Nathan Rixham nrix...@gmail.com wrote:
It is the browser, chrome will prevent execution because the code was sent
in the request, just check the javascript console and you'll see something
like:
Refused to execute a JavaScript script. Source code of script
At 7:45 PM -0400 4/25/11, Daniel Brown wrote:
On Mon, Apr 25, 2011 at 19:12, Nathan Rixham nrix...@gmail.com wrote:
It is the browser, chrome will prevent execution because the code was sent
in the request, just check the javascript console and you'll see something
like:
Refused to
On Monday, April 18, 2011 at 1:06 PM, tedd wrote:
Hi gang:
Quite some time ago I had a demo that showed Javascript injection. It
was where a user could type in:
script alert(Evil Code);/script
and a JavaScript alert would be shown.
But now my demo no longer works. So, what happened?
Javascript:alert(Hello World);
The browsers have had many updates since last I seen this work.
PHP Server side.
JavaScript Client/Browser Side.
Richard L. Buskirk
You can't grow your business with systems that are on life support...
-Original Message-
From: tedd
Is someone up to Cross Site Scripting? ;)
--Shreyas
On Mon, Apr 18, 2011 at 10:39 PM, Joshua Kehn josh.k...@gmail.com wrote:
On Monday, April 18, 2011 at 1:06 PM, tedd wrote:
Hi gang:
Quite some time ago I had a demo that showed Javascript injection. It
was where a user could type in:
On Mon, 2011-04-18 at 22:43 +0530, Shreyas Agasthya wrote:
Is someone up to Cross Site Scripting? ;)
--Shreyas
On Mon, Apr 18, 2011 at 10:39 PM, Joshua Kehn josh.k...@gmail.com wrote:
On Monday, April 18, 2011 at 1:06 PM, tedd wrote:
Hi gang:
Quite some time ago I had a demo
ad...@buskirkgraphics.com wrote in message
news:005501cbfdeb$457839c0$d068ad40$@com...
Javascript:alert(Hello World);
The browsers have had many updates since last I seen this work.
?? You're saying that alert doesn't work on your browse? Gee - it works
on mine.
--
PHP General Mailing
...@albanyhandball.com]
Sent: Monday, April 18, 2011 2:03 PM
To: php-general@lists.php.net
Subject: Re: [PHP] JavaScript Injection ???
ad...@buskirkgraphics.com wrote in message
news:005501cbfdeb$457839c0$d068ad40$@com...
Javascript:alert(Hello World);
The browsers have had many updates since last I seen
...
-Original Message-
From: Jim Giner [mailto:jim.gi...@albanyhandball.com]
Sent: Monday, April 18, 2011 2:03 PM
To: php-general@lists.php.net
Subject: Re: [PHP] JavaScript Injection ???
ad...@buskirkgraphics.com wrote in message
news:005501cbfdeb$457839c0$d068ad40$@com
At 1:09 PM -0400 4/18/11, Joshua Kehn wrote:
On Monday, April 18, 2011 at 1:06 PM, tedd wrote:
Hi gang:
Quite some time ago I had a demo that showed Javascript injection. It
was where a user could type in:
script alert(Evil Code);/script
and a JavaScript alert would be shown.
But now my
On Mon, Apr 18, 2011 at 14:42, tedd t...@sperling.com wrote:
No, I had a simple form where IF the user entered:
script alert(Evil Code);/script
-- into the form's text field (i.e., $_POST['text'] ) AND clicked Submit,
the form would
echo( $_POST['text'] );
-- and that would produce a
On Mon, 2011-04-18 at 14:42 -0400, tedd wrote:
At 1:09 PM -0400 4/18/11, Joshua Kehn wrote:
On Monday, April 18, 2011 at 1:06 PM, tedd wrote:
Hi gang:
Quite some time ago I had a demo that showed Javascript injection. It
was where a user could type in:
script alert(Evil Code);/script
At 2:46 PM -0400 4/18/11, Daniel Brown wrote:
On Mon, Apr 18, 2011 at 14:42, tedd t...@sperling.com wrote:
No, I had a simple form where IF the user entered:
script alert(Evil Code);/script
-- into the form's text field (i.e., $_POST['text'] ) AND clicked Submit,
the form would
echo(
On Monday, 18 April 2011 at 20:50, tedd wrote:
Daniel et al:
Sorry -- I'm not making myself clear.
The form as-is produced a javascript alert() and now it doesn't.
It doesn't make any difference if I use stripslashes() or not, it
still will NOT produce a javascript alert as it used to
On Mon, Apr 18, 2011 at 15:50, tedd t...@sperling.com wrote:
It doesn't make any difference if I use stripslashes() or not, it still will
NOT produce a javascript alert as it used to do.
Interestingly enough, I copied your index.php file to index2.php
on the server and modified it to use
At 4:44 PM -0400 4/18/11, Daniel Brown wrote:
On Mon, Apr 18, 2011 at 15:50, tedd t...@sperling.com wrote:
It doesn't make any difference if I use stripslashes() or not, it still will
NOT produce a javascript alert as it used to do.
Interestingly enough, I copied your index.php file to
17 matches
Mail list logo