php - How can I filter metacharacters from user input in xss attack? -

-

on site on admin login page if this

http://www.domain.com/admin/index.php/%22onclick=document.location="http://www.google.com">

and click somewhere page redirects. read need filter metacharacters, after hours of googling still can't find out how can stop this. above see isn't doing get or post. how can block this?


Comments

Post a Comment

Popular posts from this blog

delphi - TJvHidDeviceController "DevicePath" always showing "\" -

-
i'm using tjvhiddevicecontroller class retrive hid device information. have plugged 2 hid devices, i'm trying ge "devicepath" of sp_device_interface_detail_data_a structure getting device path '\'. ican't open createfile function. please me solve issue. os win7. all. this guessing! the 1 thing can think of is: tjvhiddevicecontroller calls windows api call without using or w suffix. structure used sp_device_interface_detail_data_a, ansi version. now, if use delphi 2009 or higher, routine expect sp_device_interface_detail_data_w. size same looks ok. strings stored usc2 encoded (widechars) instead of ansi encoded -> after every ansi character there null byte. tjvhiddevicecontroller converts character array pascal string using function strpas , hence, see first character. check: set breakpoint after function call fills structure , use cpu window view content memory dump. if see ansi characters every other byte , null bytes in between, ca...
Read more

Disabling Android home button for industry application -

-
i'm writing industry application used traffic wardens register offences through program using forms. the app using webview container external webpage. don't want our users exit application have disable buttons. succeeded in disabling them except home button. i read threads topic, don't have solutions yet. idea able make app default home app if user presses home button launches app , not exit. how can accomplish that? if must able tamper android (when install app), if there solution through configuration appreciated. the idea able make app default home app if user presses home button launches app , not exit. how can accomplish that? there sample home application in android sdk. mirror manifest entry, notably putting home category in activity's <intent-filter> . the first time the, er, traffic warden taps home after installing app, chooser appear home app run. checking checkbox , tapping app mean home button run app forevermore. beyond cr...
Read more

asp.net mvc 3 - Unexpected "foreach" keyword after "@" character -

-
i have partial view done in razor. when run following error - seems razor gets stuck thinking i'm writing code everywhere. unexpected "foreach" keyword after "@" character. once inside code, not need prefix constructs "foreach" "@" here view: @model ienumerable<somemodel> <div> @using(html.beginform("update", "usermanagement", formmethod.post)) { @html.hidden("userid", viewbag.userid) @foreach(var link in model) { if(link.linked) { <input type="checkbox" name="userlinks" value="@link.id" checked="checked" />@link.description<br /> } else { <input type="checkbox" name="userlinks" value="@link.id" />@link.description<br /> } } } </div> inside using block, razor expecting c# source, not html. therefore, should write foreach without...
Read more