Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
Is it safe to embed a webpage inside another webpage with external origin.
User can also choose what webpages to embed, and it could be anything, valid webpage.
Can those webpages access my document? manipulate javascript and does it have some XSS vulnerabilities?
Generally I'm interesting if it is safe, or if there is a way to secure it.
They cannot access your document. You cannot access their documents either.
The only 'dangers' are:
Annoying popups
Annoying alerts()
Viruses (JavaScript exploits (example), Drive-by downloads)
I don't recommend doing it! Especially not if users can share their own included sites.
Even if the external sites do not contain viruses, these sites are (from a user's perspective) on your site and can affect your reputation.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I suspect that someone has copy-pasted my website HTML and is using it as their own. How can I find out who it is? Is there any way to track them down?
I know that I can reverse-image search.
Is there a way to search the internet by webpage html fragments?
If they didn't rehost my resources, is there a way to check who is hotlinking my CSS or JS, if anyone? (what this person mentioned but didn't explain Hotlinking my Cascading Style Sheets )
You can check the request body fields, assuming that they're stealing your server's bandwith. You can also write a crawler that tries to match your html with other but It won't be reliable. Maybe you can use Google to find specific html blocks: http://en.wikipedia.org/wiki/Google_hacking
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 8 years ago.
Improve this question
I host a small website for my company of the hosting service called Ipage. I use the on website editor to edit my code. When ever I make edits to my HTML or CSS it does not update on the site. I have tried editing the .htdocs file to stop cache but I didn't seem to work. I am open to anything!
Thanks!
You were right on the sense that I does have somthing to do with the cache, but you where wrong in editing the .htdocs file. Ipage uses a cache system that will make the website faster when you have multiple users on it at the same time. This was commonly a problem so Ipage made a little tool for you! http://www.ipage.com/controlpanel/cachecontrol/ That is a link to the page that will allow you to turn of all the cache on your serve.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 8 years ago.
Improve this question
Like here on Stack Overflow, when one asks a question, that question is now a tag of some page, is a new page created inside the the server with the name of the a tag so that search engines can find it, how does this work?
If no pages are created, where is this data of all the tags kept?
I see for this very page, Stack overflow haas this facebook tag.
<meta name="og:description" content="Like here on stack over flow, when one asks a question, that question is ">
The data is stored in a database.
The pages are generated by having the HTTP server invoke a piece of software which examines the URL, fetches the appropriate data from the database, and outputs some HTML.
There are numerous ways to do this including psgi, FastCGI, CGI, and wsgi.
that information used when you post a link to this page to facebook. just try it and you will see the result.
details: http://ogp.me/
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I have a site currently under development which I allow users to post comments. I want to know if there is a potential security issue if a user maliciously posts HTML elements. I know allowing javascript or CSS is dangerous, but what about HTML?
Yes, there are security issues like iframe as mentioned in the comments. OWASP has a very detailed page on dealing with 3rd party content here: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet .
Various languages offer libraries to deal with this:
Rails: http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html
PHP: http://htmlpurifier.org/comparison
Many different HTML elements can be used in malicious ways, though iframe and script are the worst. The safest solution is to allow a formatting-only language such as Markdown that can easily be used with most server-side languages.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I've been using HTML5 in websites for about a year now, but the W3C doesn't offer an option to check if an entire domain is valid. There are tools out there to do this with HTML4, but they aren't helpful in HTML5.
Is there an online service or browser extension that can solve this problem? I've looked but couldn't find any.
Did you see the one I wrote? It uses an instance of the Validator.nu engine on our server and it's called HTML Validator Pro. It goes up to 50 pages for free, but I don't know the size of your domain, so I don't know if this will meet your requirements, but I hope so! Please let me know if it works for you and any feedback you have for me.
Thank You
Looking around online, I found a service here: http://html5.validator.nu that provides HTML 5 verification for the entire domain. Have you also seen Total Validator? http://www.totalvalidator.com It also seems to do what you are looking to accomplish.