hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Programming Discussion : code to block/prevent JavaScript Injection
Reply

Programming Discussion Discussions related to web programming languages and other related issues. Topics may include configuration, optimization, practical usage and database connectivity.
Forum Jump

code to block/prevent JavaScript Injection

Reply Post New Thread In Programming Discussion Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 01-04-2012, 11:12 PM
sdhost1964 sdhost1964 is offline
Junior Guru Wannabe
  
Join Date: Jun 2007
Posts: 38

code to block/prevent JavaScript Injection

greetings,
I need html code or script ...etc to stop/block or prevent hacker to inject my html page

regards
bob

Reply With Quote


Sponsored Links
  #2  
Old 01-05-2012, 12:17 AM
onel0ve onel0ve is offline
Disabled
  
Join Date: Feb 2010
Posts: 114
install Mod security in your server it will help you

Reply With Quote
  #3  
Old 01-05-2012, 08:34 AM
FocusKieran FocusKieran is offline
Newbie
  
Join Date: May 2010
Posts: 12
A white list of characters is probably the best way to go about it if you're allowing user input. So simply encode the characters you don't want and leave the others as they are, or vice versa encode it all and decode the ones you want...

Reply With Quote
Sponsored Links
  #4  
Old 01-05-2012, 10:38 AM
khunj khunj is offline
Web Hosting Guru
  
Join Date: Mar 2009
Location: /home/khunj
Posts: 313
You need to find/patch the vulnerability and your problem will be solved.

__________________
NinTechNet : IT Security, Virus & Hacking Recovery, Monitoring

Reply With Quote
  #5  
Old 01-05-2012, 02:55 PM
ScottAN ScottAN is offline
Junior Guru Wannabe
  
Join Date: Nov 2004
Posts: 86
I agree with the above. You should not think to be adding code to solve a script injection problem. You should think about fixing the code that you already have that allowed for script injection.

Remember to strictly validate all input received from the client in your scripts.

__________________
Quick, SEO Friendly Backlinks: XEGS.com Web Directory

Image Hosting

Reply With Quote
  #6  
Old 01-08-2012, 02:00 AM
babygekko babygekko is offline
Newbie
  
Join Date: May 2007
Location: AB, Canada
Posts: 10
You mean you're trying to prevent XSS?

This is just one way ... I'm sure there are other ways ..

PHP Code:
        function cleanInput($value)
      {
        $value preg_replace("/[\'\")(;|`,<>]/"""$value); 
        return $value;
      } 
e.g:

PHP Code:
$_GET['the_input'] = cleanInput($_GET['the_input']); 

__________________
Baby Gekko - Advanced Content Management System
http://www.babygekko.com
Follow us on Twitter: http://twitter.com/babygekko

Reply With Quote
  #7  
Old 01-08-2012, 06:16 AM
topgun topgun is offline
Web Hosting Master
  
Join Date: Aug 2003
Posts: 552
Encode all user input to html entities before it is displayed.
Code:
<script>
 alert('xss');
</script>
would become:
Code:
&lt;script&gt;
 alert('xss');
&lt;/script&gt;

Reply With Quote
Reply

Similar Threads
Thread Thread Starter Forum Replies Last Post
Javascript hacking / injection on my server chasebug Dedicated Server 4 03-04-2011 11:45 PM
HELP: javascript / code injection bigdm Hosting Security and Technology 5 01-24-2011 04:09 PM
Javascript file injection issue getting hit a second time Mikie4648 Computers and Peripherals 1 05-27-2010 05:31 PM
How to prevent iframe injection attack? xoleno Hosting Security and Technology 20 04-17-2010 05:54 PM
How to prevent SQl injection? traixanha Hosting Security and Technology 10 06-11-2003 03:05 PM

Related posts from TheWhir.com
Title Type Date Posted
Facebook's Recently Acquired Mobile App Platform Parse Launches Web Hosting for Developers Web Hosting News 2013-05-08 10:49:17
Liquid Web Updates Block Storage, Adding Scale, Cross Mounting Web Hosting News 2012-12-14 16:17:44
OpenStack Adds Networking, Block Storage to Sixth Release Folsom Web Hosting News 2012-09-28 10:55:29
FireHost Report Shows SQL Injections Up 69 Percent Over Q1 2012 Web Hosting News 2012-07-24 16:48:13
European Security Firm SecPoint Releases Cloud Penetrator Scanner Web Hosting News 2011-09-22 18:38:31


« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:

Parallels SVP Automation Oleg Melnikov Joins Runa Capital as Part-Time CTO

Stream Data Centers Achieves LEED Gold Certification for Dallas Facility

Liquid Web Updates Mobile Management Interface with Bill Payment Feature

Rackspace Integrates Mailgun into Cloud Control Panel

Cloudian Releases Connector for Citrix CloudPortal Business Manager 2.0

ControlCircle Partners with Skyscape on Managed Cloud Service for Public UK Organizations

ViaWest to Open 150,000 Square Foot Minneapolis Data Center in Q1 2014

Tenzing Managed IT Services Expands to US with Dallas Data Center

Latisys Launches Disaster Recovery as a Service Offering

Amazon Web Services to Open Virginia Office, Meets FedRAMP Compliance



 

Learn more about advertising opportunities across the iNET Interactive Network.

LiquidWeb
X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?