php - How can I filter metacharacters from user input in xss attack? -

-

on site on admin login page if this

http://www.domain.com/admin/index.php/%22onclick=document.location="http://www.google.com">

and click somewhere page redirects. read need filter metacharacters, after hours of googling still can't find out how can stop this. above see isn't doing get or post. how can block this?


Comments

Post a Comment

Popular posts from this blog

delphi - TJvHidDeviceController "DevicePath" always showing "\" -

-
i'm using tjvhiddevicecontroller class retrive hid device information. have plugged 2 hid devices, i'm trying ge "devicepath" of sp_device_interface_detail_data_a structure getting device path '\'. ican't open createfile function. please me solve issue. os win7. all. this guessing! the 1 thing can think of is: tjvhiddevicecontroller calls windows api call without using or w suffix. structure used sp_device_interface_detail_data_a, ansi version. now, if use delphi 2009 or higher, routine expect sp_device_interface_detail_data_w. size same looks ok. strings stored usc2 encoded (widechars) instead of ansi encoded -> after every ansi character there null byte. tjvhiddevicecontroller converts character array pascal string using function strpas , hence, see first character. check: set breakpoint after function call fills structure , use cpu window view content memory dump. if see ansi characters every other byte , null bytes in between, ca...
Read more

web applications - Making Python scripts work on MAMP -

-
i'm using mamp server testing out web pages. i'm new python. i'm able run script in python interpreter print hello world. print "hello world!" so used same line in file name test.py . how should run on web. as new python, tried normal things, placing test.py in /htdocs/cgi-bin/ , trying open it. says forbidden page. anyone please me making work. thanks to cgi, recommend reading python cgi docs . @ minimum, need output content type , html tags: print "content-type: text/html" print print "<html>" print "<head>" print "<title>example of python cgi script</title>" print "</head>" print "<body>" print "hello world!" print "</body>" print "</html>" also, make sure web server software has permission execute script. should able use chown set ownership , chmod set permissions .
Read more

cocoa - Converting NSString to keyCode+modifiers for AXUIElementPostKeyboardEvent -

-
edit: turns out, misled during initial explorations of accessibility apis. once found secure text field in ax hierarchy, able set value. not sure question beyond that, wanted update future searchers. i'm working on code post keyboard events targeted applications using accessibility apis. far, have been able write trivial app allows me type in string value , post keyboard events key codes targeted application. in reality, strings read location. what have not yet been able figure out how ascertain whether , modifier keys should posted. instance, when type hello, world! test application, input sent other application hello, world1 because not yet including modifier keys create upper case h , exclamation point. made doubly complicated multi-keystroke characters é or ü . sending é sends raw e no accent example. is there simple method overlooking discerning modifiers combine keycode creating particular nsstring or unichar? if not, have suggestion of how proceed? far, best ...
Read more