It is DB stuff because anything put into the DB eventually gets taken out and it needs to be translated into safe information before deposit. Yes there is script handing on removal
It is DB stuff because anything put into the DB eventually gets taken out and it needs to be translated into safe information before deposit. Yes there is script handing on removal
ok, you are right, that is stored xss
i remember that from a forum i ran as part of my job years ago, we found an xss bug in the php code and fixing it was difficult because it required rewriting all database entries to fix it. so we changed it to encode on the output and that was much easier and did not require any database encoding.
ok, you are right, that is stored xss
i remember that from a forum i ran as part of my job years ago, we found an xss bug in the php code and fixing it was difficult because it required rewriting all database entries to fix it. so we changed it to encode on the output and that was much easier and did not require any database encoding.
The only problem with that is it makes the DB non-modular at that point and anyone using it has to know to fix the data coming out but yes
The only problem with that is it makes the DB non-modular at that point and anyone using it has to know to fix the data coming out but yes
yes, that was maybe in 2008 and the site is shut down for some time now
yes, that was maybe in 2008 and the site is shut down for some time now
(post is archived)