
How hard would it be to use javascript in a PM

Posted: Mon Dec 12, 2005 6:27 pm
by davidprogramer
Well. I am having a little trouble here because users can easily change the variables sent in a PM (the globals in a link which puts them in a clan or sends a reject). So I was wondering. With JavaScript it would make it harder. How hard (or is it even possible) to put JavaScript links in a PM?

Posted: Mon Dec 12, 2005 6:52 pm
by Chris Corbyn
8O

Posted: Mon Dec 12, 2005 7:15 pm
by davidprogramer
lol does that mean "REALLY EFFIN HARD MAN" or a "ARE YOU RETARDED?"

Posted: Mon Dec 12, 2005 7:18 pm
by Jenk
It means you need to validate, filter and escape your input and variables. (In PHP, not JavaScript.)

Check that your variables contain what they are allowed to contain before you use them and remember, do not trust any user input.

Posted: Mon Dec 12, 2005 7:22 pm
by davidprogramer
"do not trust any user input."
I have to. What I am trying to do is put up brick walls so that it stops the user from being naughty.

Posted: Tue Dec 13, 2005 12:03 am
by Jenk
which you must do in your PHP code as JavaScript is anything but secure. :)

Posted: Tue Dec 13, 2005 12:54 am
by m3mn0n
JS can be used heavily in a client/server model (AJAX) but that's advanced stuff compared to a simple PHP processing class/function.

And no. You do not "have to" trust user input. NEVER TRUST IT :!:

Sure, your users might not be out to do something bad, but I bet any money if a hacker did a security scan on your site looking for faults in the system and discovered you had a leak in your security, they would abuse that to no end.

Never trust user input.
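
The server-side check Jenk describes, sketched in PHP as an added example that is not code from the thread or from the poster's site: the link in the PM carries only an invite id and an action, and the server decides everything else from its own records. The invite table, the parameter names (`invite`, `action`, `clan`) and the function name are assumptions, and the sample data is constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for a database table of invites.
$invites = [
    17 => ['clan_id' => 3, 'invitee_id' => 42, 'status' => 'pending'],
    18 => ['clan_id' => 5, 'invitee_id' => 99, 'status' => 'pending'],
];

/**
 * Decide what a clicked PM link may do. $query holds the raw request
 * parameters; $sessionUserId comes from the server-side session, never the link.
 */
function handleInviteLink(array $query, int $sessionUserId, array &$invites): string
{
    // Validate: the id must be a positive integer, the action one of two known values.
    $id = filter_var($query['invite'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $action = $query['action'] ?? '';
    if ($id === false || !in_array($action, ['accept', 'reject'], true)) {
        return 'invalid request';
    }

    // Authorize: the invite must exist, be pending, and belong to the logged-in user.
    $invite = $invites[$id] ?? null;
    if ($invite === null || $invite['status'] !== 'pending'
        || $invite['invitee_id'] !== $sessionUserId) {
        return 'not allowed';
    }

    // The clan comes from the stored invite, so a clan id in the URL is ignored.
    $invites[$id]['status'] = $action === 'accept' ? 'accepted' : 'rejected';
    return $action === 'accept'
        ? "user {$sessionUserId} joined clan {$invite['clan_id']}"
        : "user {$sessionUserId} rejected clan {$invite['clan_id']}";
}

// Constructed requests: a genuine click with an extra clan parameter,
// someone else's invite id, and a malformed id with an unknown action.
$requests = [
    ['invite' => '17', 'action' => 'accept', 'clan' => '1'],
    ['invite' => '18', 'action' => 'accept'],
    ['invite' => '17 OR 1=1', 'action' => 'promote'],
];
foreach ($requests as $q) {
    // Escape on output in case the message is echoed into an HTML page.
    echo htmlspecialchars(handleInviteLink($q, 42, $invites), ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

Because the membership change is driven by the stored invite and the session user, editing the link can at most select an invite the server already issued to that same user.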