antoine wrote:
Hello , Consider that i have an html , javascript , php site.My goal is to somehow modify the html , javascript code before php module does its stuff. It is part of a javascript injection defense system. So i want to mark benign javascript beforephp module adds bad javascript code.I first thought that an output filter is the solution but i suppose that in the phase of the output filter the chunks of data will be already produced after php code generation ( is that right ) ??
Yes So the attack
Apart from the yes above, I cannot add much, because it is not very clear to me what you are trying to achieve, or what you are trying to protect against. You seem to say that it is the php which inserts the "bad" javascript code. But the php runs on your server, so that seems to be the right point to protect, and not later try to undo what it might have done. Or do you let any user load its own php stuff onto your server, and then just run it ?is done and i will mark as benign that bad javascript injection code.Is there a way to cope with this by adding a module-filter to apache and not modify php module code ??
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|