Why it's important to protect against HTML injection

OsamaBinBBQ

Dec 27, 2009
When will people learn their lesson? This is why it's important to protect against HTML injections.

Code:
http://www.thecodingstudio.com/index.php?web-design-page=international-web-design&serving=Tasty+Balls
yields

Tasty Balls Web Site Design | Tasty Balls Business Web Page Design Company | Professional, Affordable Tasty Balls Web Design and Web Development Services | Tasty Balls Custom Business Web Designer

If you're going to be using user-submitted values as part of your page content, my advice is to use a white list. If the acceptable values are too variable, try pattern matching, but even this is iffy. For the latter scenario, you might want to invest your time and/or money in some proper profanity filtering.

Always, always sanitize your input.
 


Smart. I look at security threats as a real issue these days. You need to be careful if it's your business website or any rev gen site. Money and reputation are at stake!
 
Or you could use it to get free backlinks and come to the dark side... Luke

thewebsite.com/index.php?web-design-page=international-web-design&serving=Tasty+Balls"<a href=freebacklink>keywords</a>
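
Added example, not part of any post in this thread: a sketch of the white-list advice from the first post, run against the two `serving` values quoted above. It also shows why escaping alone is not enough here: escaping neutralises the injected `<a>` tag, but arbitrary text still lands in the title. The host `site.example`, the allowlist entries, the title template and all function names are assumptions made for the example.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Assumed allowlist of regions the page is meant to advertise (constructed).
ALLOWED_SERVING = {"california": "California", "new york": "New York"}
DEFAULT_SERVING = "International"
TITLE = "<title>{0} Web Site Design | {0} Business Web Page Design Company</title>"

# Constructed sample requests; only the parameter values come from the thread.
BASE = "http://site.example/index.php?web-design-page=international-web-design&serving="
PLAIN = BASE + "Tasty+Balls"
INJECTED = BASE + 'Tasty+Balls"<a href=freebacklink>keywords</a>'


def serving_from_url(url):
    """Return the decoded `serving` query value, or '' if it is absent."""
    values = parse_qs(urlsplit(url).query).get("serving")
    return values[0] if values else ""


def render_title_unsafe(url):
    """Behaviour the thread describes: the raw value is reflected as-is."""
    return TITLE.format(serving_from_url(url) or DEFAULT_SERVING)


def render_title_escaped_only(url):
    """Output encoding only: markup is neutralised, arbitrary text is not."""
    value = serving_from_url(url) or DEFAULT_SERVING
    return TITLE.format(html.escape(value, quote=True))


def render_title_safe(url):
    """Allowlist lookup first, then escape on output as defence in depth."""
    key = serving_from_url(url).strip().lower()
    label = ALLOWED_SERVING.get(key, DEFAULT_SERVING)
    return TITLE.format(html.escape(label, quote=True))


if __name__ == "__main__":
    for name, url in (("plain", PLAIN), ("injected", INJECTED)):
        print(name, "unsafe: ", render_title_unsafe(url))
        print(name, "escaped:", render_title_escaped_only(url))
        print(name, "safe:   ", render_title_safe(url))
```
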