sporfex asked:

META - redirect security

Hi.

I have a form where users can write text online and also use HTML in it. I know that you can redirect to another page using some META tag. How can I prevent this?

Shall I check the string to see if it includes some words?

Let's play a little bit here..

Let's say that I shall store strInput in a table field and I want to check it before. What could that code look like?

Rgrds
ASKER CERTIFIED SOLUTION
John844

John844

That will handle your meta-refresh tags as well as script tags that they might be adding like <% and %>. This will cause a problem with any client-side script if you wish to allow them to enter it into the database.

If you need to use the client-side script then you will need to replace multiple items...

I would replace <% with &gt;%.
I would replace meta with something like me ta.

There are probably many more, but that is what pops to mind right now.

sporfex (ASKER)

But can they use ordinary links etc.? They should.

like

<b></b>
<font color='red'></font>
<a href....

etc.

I want them to use such things.

John844

That would still work if you use the second method of replacing <% and meta...
sporfex (ASKER)

Some code suggestion on how to use replace?
hongjun

Replace function code example.

<%
Dim str

' constructed sample value that contains the "<%" sequence
str = "<%haha"
Response.Write str & "<br>"
' every occurrence of "<%" in str is replaced with "//"
str = replace(str, "<%", "//")
Response.Write str
%>
'get the current value
strNewValue = request("yourFormField")
'replace <%
strNewValue = replace(strNewValue,"<%","&gt;%")
'replace meta
strNewValue = replace(strNewValue,"meta","me ta")

'save the new value to the database
rs("fieldName") = strNewValue
Here are the basic workings of replace():
replace(strInput,strFind,strReplace)

replace looks in strInput for all occurrences of strFind. It replaces each occurrence with the contents of strReplace.

strInput = "thisandthat"

'replace every t with x in the string "thisandthat"
strInput = replace(strInput,"t","x")

'strInput now holds "xhisandxhax"
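The thread's filter is a deny-list: it strips two literal strings ("<%" and "meta") and lets everything else through. Two properties of that approach matter to anyone storing user HTML. First, Replace() in VBScript compares case-sensitively unless you pass vbTextCompare as the compare argument, so "<META HTTP-EQUIV=...>" passes the filter unchanged. Second, a deny-list has to anticipate every spelling the browser accepts, while an allow-list only has to describe what the asker actually wants to keep (<b>, <font color>, <a href>). The example below is an added illustration, written in Python rather than VBScript and not taken from the thread or from any of its posters; the sample inputs are constructed, the tag and attribute table is an assumption about what this form should allow, and a production deployment would normally use a maintained HTML sanitising library rather than this hand-rolled one.

```python
"""Deny-list vs allow-list filtering of user-supplied HTML (added example)."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy for this form: the tags the asker listed, with the one
# attribute each of them needs. Anything not in this table is dropped.
ALLOWED_TAGS = {
    "b": set(),
    "i": set(),
    "font": {"color"},
    "a": {"href"},
}
# Only these URL schemes survive on href; relative URLs (no scheme) are kept.
SAFE_SCHEMES = {"http", "https", "mailto"}


def deny_list_filter(s: str) -> str:
    """The thread's Replace()-based filter, reproduced as written.

    str.replace is case-sensitive, exactly like VBScript Replace() with the
    default vbBinaryCompare, so "META" and "Meta" are not touched.
    """
    return s.replace("<%", "&gt;%").replace("meta", "me ta")


class AllowListFilter(HTMLParser):
    """Rebuilds the input from scratch, emitting only allowed tags/attributes.

    html.parser lowercases tag and attribute names, unescapes attribute
    values and character references, and silently discards comments,
    declarations and processing instructions because the corresponding
    handler methods are left as no-ops.
    """

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self.open: list[str] = []  # allowed tags currently open, for balancing

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # e.g. <meta ...>, <script>, <m&#101;ta> are all dropped here
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag] or value is None:
                continue
            if name == "href":
                scheme = urlparse(value.strip()).scheme.lower()
                if scheme and scheme not in SAFE_SCHEMES:
                    continue  # drop the attribute, keep the link text
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open:
            return
        # Close everything opened after this tag so the output stays balanced.
        while self.open:
            t = self.open.pop()
            self.out.append(f"</{t}>")
            if t == tag:
                break

    def handle_data(self, data):
        # Text is re-escaped, so a stray "<" or "&" can never start markup.
        self.out.append(escape(data))

    def result(self) -> str:
        self.close()
        while self.open:
            self.out.append(f"</{self.open.pop()}>")
        return "".join(self.out)


def allow_list_filter(s: str) -> str:
    """Return only the markup the policy table permits, everything else escaped."""
    p = AllowListFilter()
    p.feed(s)
    return p.result()


if __name__ == "__main__":
    # Constructed sample inputs for a quick look at both filters.
    samples = [
        '<b>hi</b> <a href="http://example.com">x</a>',
        '<META HTTP-EQUIV="refresh" CONTENT="0;url=http://example.com/other">',
        '<font color="red" size="7">hot</font>',
        '<%haha',
        '<b>unclosed',
    ]
    for s in samples:
        print(repr(s))
        print("  deny-list :", repr(deny_list_filter(s)))
        print("  allow-list:", repr(allow_list_filter(s)))
```

The second sample is the one worth looking at: the deny-list filter returns the uppercase META refresh unchanged, while the allow-list filter returns an empty string because "meta" is simply not a permitted tag. The allow-list also keeps the asker's <b>, <font color> and <a href> intact, turns an unmatched "<" (as in "<%haha") into "&lt;", and closes tags the user left open so stored fragments cannot break the page that later displays them.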