Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I've been working on a website (lualessons.x10host.com) and I've been told my website can easily be injected by Cross-Site scripting. Is there a good way to fix this? Thank you in advance.
Do you know how XSS works?
If not here's a simple explanation on basic XSS: If you get inputs from users in "type=text" input fields on forms, the user can write javascript like code in it (on your side i could write in the "Username" field something like <script type="text/javascript">alert("hello")</script>). As the username is mostly displayed, this code would be written to the database and afterwards back in the html when someone logs in or visits my Profile. Then this javascript code would be excuted. In this case its just a simple alert so it wouldnt harm anything but I think you get concept now.
To provide protection against that I would use htmlentities($your_string)
in PHP.
So if you get your values via post or get, make sure you convert them to "friendly" values e.g.
<?php
if(isset($_POST["your_name_tag_from_html"])){
$friendlyvalue = htmlentities($_POST["your_name_tag_from_html"]);
}
// do something with $friendlyvalue
?>
I hope this helped you :)
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
(I'm new to all this... instead of closing my question, it would help if I could have an idea of what needs to be done) (please excuse if I'm not asking the proper question for what I'm trying to achieve, new to code)
New to coding: web development Learning HTML, CSS and then JS.
I see websites where data is automatically updated. How is this achieved?
I would like to create a website that will display economic data but not have to manually input the data. How would I incorporate code to automatically do this for me?
Would I use a websites API?
Example of the type of information I would like to display on my own website: https://www.marketwatch.com/economy-politics/calendar
Automatically updated data on a website can be achieved by using an API call. You make a request to an API that has the data and then render the data on your HTML page.
The process requires a good understanding of modern JS concepts.
Search for an API that offers the service you need and read the documentation to understand how to use it.
Let me know if there' anything else.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
Anybody know how to do like this one?(refer to image)i want to make something like this(refer to image) for gmail confirmation on my website, but i don't know where to start.
sample image
This is a broad question, but I'll try to provide some help to get you started.
If you are referring to how to send an email from a website in general, you need to use a script to do so. How you do this is highly dependent on how you are hosting your website. If you are using Node.js, you could take a look at Nodemailer. You will have to do a bit of research with respect to what you are using to host your website.
You would also need some code to generate a link for each users email.
If you are rereferring on how to style email, you can do this with standard HTML and CSS. As far as I know, there is unfortunately no good method to insert HTML source code using Gmail.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I understand that the value of the action attribute is the URL for the page on the server that will receive the information in the form when it is submitted. However, what URL do I use? Do I need to program a new page using PHP (which I don't know how to use yet as I am learning HTML first) or is there a website that can do this for me? (The book I am using just writes the value as: "http://www.example.com/profile.php" - the .php at the end of this URL gave me the the PHP idea)
<form action="WHAT DO I PUT HERE?" method="post">
<p>What's your favorite genre of music?</p>
<textarea name="musician">Who's your favorite artist?</textarea>
<input type="submit" value="submit" />
If it's information that I would like to see and analyse (for example in an online survey) would the URL be different to if I wanted the user simply to upload their thoughts (like a comments box).
Apologies if this is a fairly basic question but I am new to coding websites. Also, just out of interest what is a good way to learn how to code websites? (i.e any suggestions for good books, websites or suchlike?) Thank you so much.
Here's a good resource for what you're trying to do. There's even a specific section for sending/receiving data.
A protip if you're new to web development: stay away from w3schools. Mozilla is a much better resource, cannot stress this enough.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I've been having a lot of trouble parsing the DOM of a remote webpage using AJAX. I don't seem to be able to find any example or tutorials demonstrating this procedure.
I basically want to search through the DOM of a remote page, find a tag with a specific id/class, take the inner contents of that tag and print it out on my own page.
If anyone can help i'd appreciate it.
The same-origin-policy browsers have do not allow you to access external pages for security reasons. You need to use e.g. a PHP script on your server to retrieve the external site's HTML. Then you can make an AJAX call to that script instead.
You could always use this: http://simplehtmldom.sourceforge.net
Easy to use.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
Talking about html forms, does the html obfuscation really works?
Some post on SO says it's really a loss of time, because a talented "hacker" will always find the way to access your form fields (ex. associating Labels to inputs).
Has anybody implemented obfuscation and actually suffered an attack?
I would like to have your opinion about this subject.
Thank's in advance.
Obfuscation can't prevent any hacking, at it's best it's slowing down the process.
Especially with forms - the attacker can just take a look into his webconsole, examine your requests and then forge his own request accordingly.
The only real secure method is checking every incoming request serverside, since your server (hopefully) can't be compromised.
Thus, obfuscating HTML just proves that the author "is a noob" for trusting such a method.
You don't need to be a "talented hacker" to see the HTML source un-obfuscated. It's enough to know how to install a browser e.g. Chrome and use the code inspector. The code inspector presents a nice formatted HTML in any case – since it reads in the DOM, not some mangled raw text.
HTML obfuscation is an obstacle of which I do not see any benefits.