Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I have a site currently under development which I allow users to post comments. I want to know if there is a potential security issue if a user maliciously posts HTML elements. I know allowing javascript or CSS is dangerous, but what about HTML?
Yes, there are security issues like iframe as mentioned in the comments. OWASP has a very detailed page on dealing with 3rd party content here: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet .
Various languages offer libraries to deal with this:
Rails: http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html
PHP: http://htmlpurifier.org/comparison
Many different HTML elements can be used in malicious ways, though iframe and script are the worst. The safest solution is to allow a formatting-only language such as Markdown that can easily be used with most server-side languages.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 5 years ago.
Improve this question
I need to record some detailed info for a number of web pages. Most of this info I've been finding by inspecting each page's HTML code.
For the language attribute, I've been searching 'lang', 'language', and 'content-language' if the info isn't readily available in the metadata or header. Which until now has been working.
I'm stumped on a Chinese site. I've scrolled though a lot of the site's code, but I'm not familiar with HTML or XML or website programming in general, so I don't know whether I'm looking in the wrong spot or if I should be looking for something else entirely.
This is the individual product page I started at. I've looked at the code for the main site too with no luck.
Not all websites declare their content language explicitly. If you cannot find any lang HTML attributes, and the site doesn't send a Content-Language header, you'll just have to guess the language by analyzing the contents of the page.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I was reading a Wikipedia article when I came accross this page.
Can anyone explain to me the meaning of HTML used as a server-side programming language?
Looks like the information was incorrectly taken from This blog post (it's the reference on the wiki page you linked)
The image on the blog that relates to server-side programming languages is this: http://blog.stoneriverelearning.com/wp-content/uploads/2015/11/blog3.jpg
Looks like whoever transcribed the information confused "Ruby and others" with "HTML" somehow.
All in all this is a good demonstration of why wikipedia isn't a flawless resource.
HTML is used for rendering contents of a web page.I am not sure if it can be used as a programming language.It is a markup language as I understand.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am currently building an HTML web site and i need the make it multilingual ...
so i was asking what are the best solutions?
Should I use sub domains http://en.mysite.com, or make it simple, e.g.:
mysite.com/en/index.htm -
mysite.com/fr/index.htm
Should I translate everything for all language or are there tools to auto translate?
Finally, how can I make the website detect the users location and redirect him to his language?
Generally, I would say to have higher rank in search engines it might be better to avoid subdomains.
Since you only have HTML, the redirection solutions are not good enough to consider them. For instance if someone decide to visit English version from Paris, to avoid annoying redirections you might need to keep track of this choice by cookies.
Instead of redirection you can still suggest a language for them (according to their location). It's possible by google loader: https://developers.google.com/loader/
You could use /your/path?lang=en.
To detect the users language, see: https://stackoverflow.com/a/8199791/1500022
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
I want to put some information about developer of site and not know how to do it in HTML or with use microdata or note (i.e. schema.org or other).
Can you share some how to put information about developer (I will be partially author, publisher)?
If the developer is not the publisher/creator/editor/author/contributor of the page/content, you cannot use properties of http://schema.org/WebPage nor the Dublin Core vocabulary.
Maybe you could use the properties foaf:made and/or foaf:maker from the FOAF vocabulary. But I’m not sure about it, as they seem to be closely related to dc:creator, which wouldn’t be appropriate. Maybe have a look at foaf:currentProject and foaf:pastProject, too.
The humans.txt could be used to informally note any developers/designers etc.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I've been having a lot of trouble parsing the DOM of a remote webpage using AJAX. I don't seem to be able to find any example or tutorials demonstrating this procedure.
I basically want to search through the DOM of a remote page, find a tag with a specific id/class, take the inner contents of that tag and print it out on my own page.
If anyone can help i'd appreciate it.
The same-origin-policy browsers have do not allow you to access external pages for security reasons. You need to use e.g. a PHP script on your server to retrieve the external site's HTML. Then you can make an AJAX call to that script instead.
You could always use this: http://simplehtmldom.sourceforge.net
Easy to use.