That makes sense with database data, but how about "hijacking" the submit 
button by putting their script on the button/image that sends the login info to 
a different domain site?

I'm not really looking for the specifics of how it's done (of course), but more for 
how it is ever possible if the webpage code is in a secure place?


----- Original Message ----
From: Rob Marscher <[EMAIL PROTECTED]>
To: NYPHP Talk <[email protected]>
Sent: Thursday, April 26, 2007 4:43:48 PM
Subject: Re: [nyphp-talk] wonderful presentation on Tuesday


How ever can someone inject their code/script onto my webpage?  The code is on 
my server so they don't have access to it.  Am I missing something here?


If you allow the user to submit anything that is then displayed on your site, 
they can inject javascript code unless you do a very good job "sanitizing" the 
user input.


_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
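
The point made in the reply above, as an added example that is not part of the original thread: the page source on the server is never modified; the injected markup arrives as stored user input and becomes part of the page only when it is echoed back without encoding. The comment data and the function names (`render_comment_unsafe`, `render_comment_safe`, `h`) are constructed for illustration.

```php
<?php
// Constructed sample input: one ordinary comment and one containing markup.
$comments = [
    ['author' => 'alice',   'body' => 'Great talk on Tuesday!'],
    ['author' => 'mallory', 'body' => '<script>alert("injected")</script>'],
];

// Vulnerable: user-supplied text is concatenated into the page as-is,
// so the browser parses any tags in it as if the site had written them.
function render_comment_unsafe(array $c): string
{
    return '<li><b>' . $c['author'] . '</b>: ' . $c['body'] . '</li>';
}

// Encode for the HTML context at output time. ENT_QUOTES also encodes
// single and double quotes, which matters when the value is placed
// inside an attribute such as value="...".
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: every user-controlled field passes through h() before output.
function render_comment_safe(array $c): string
{
    return '<li><b>' . h($c['author']) . '</b>: ' . h($c['body']) . '</li>';
}

// True if the rendered fragment still contains a live <script> tag.
function has_live_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

foreach ($comments as $c) {
    $unsafe = render_comment_unsafe($c);
    $safe   = render_comment_safe($c);
    echo $c['author'], "\n";
    echo '  unsafe: ', $unsafe, ' [live script: ',
        has_live_script($unsafe) ? 'yes' : 'no', "]\n";
    echo '  safe:   ', $safe, ' [live script: ',
        has_live_script($safe) ? 'yes' : 'no', "]\n";
}
```

In the hardened output the second comment is displayed as literal text (`&lt;script&gt;...`), so the browser never executes it and it cannot alter the login form or any other element on the page.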