At 4:44 PM -0400 4/18/11, Daniel Brown wrote:
On Mon, Apr 18, 2011 at 15:50, tedd <tedd@xxxxxxxxxxxx> wrote:
It doesn't make any difference if I use stripslashes() or not, it still will
NOT produce a javascript alert as it used to do.
Interestingly enough, I copied your index.php file to index2.php
on the server and modified it to use stripslashes() and, as you said,
it didn't work for me, regardless of how many times I tried.
In Chrome.
Switched over to Firefox and - wouldn't you know? - it worked like
a charm, exactly as expected, when stripslashes() was employed. Of
course, without the call, it wouldn't work in any browser, but this is
now confirmed to be a browser issue. Are you using Safari on your
Mac? If so, give it a shot with Firefox and/or Internet Exploder.
--
</Daniel P. Brown>
Bingo!
That did it!
You see, I'm writing a report for my student showing them the
security hazards of forms. I figured it would be nice if I could show
them and example of JavaScript injection. Now, iF FF for windows does
the same thing, then that will be great.
You know, this teaching thing is a lot of work -- I'm below minimum wage now.
Cheers,
tedd
--
-------
http://sperling.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
