On 04/18/2011 12:06 PM, tedd wrote:
> Hi gang:
>
> Quite some time ago I had a demo that showed Javascript injection. It
> was where a user could type in:
>
> <script> alert("Evil Code");</script>
>
> and a JavaScript alert would be shown.
>
> But now my demo no longer works. So, what happened? Was there a php
> update that prohibited that sort of behavior or did hosts start setting
> something to OFF, or what?
>
> If you know, please explain.
>
> Thanks,
>
> tedd
Most likely like magic_quotes_gpc. Suhosin-Patch may protect against
this as well (can't remember).
--
Thanks!
-Shawn
http://www.spidean.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
