Hi,
how can I avoid that input like <script>....</script> is saved into the database and the site being hacked this way?
Usually, I'd convert all inputs using php htmlspecialchars so that displaying the db entry above won't execute a script, etc...
On top, it looks like that the custom validation option is no longer present in V5.
Do you recommend to use an event switcher instead and convert the inputs via php?
Other methods/options build into chronoforms5?
Thanks
how can I avoid that input like <script>....</script> is saved into the database and the site being hacked this way?
Usually, I'd convert all inputs using php htmlspecialchars so that displaying the db entry above won't execute a script, etc...
On top, it looks like that the custom validation option is no longer present in V5.
Do you recommend to use an event switcher instead and convert the inputs via php?
Other methods/options build into chronoforms5?
Thanks
OK, found below article which recommends to use the event switcher in V5 for custom serverside validation.
http://www.chronoengine.com/faqs/70-cfv5/5212-event-switcher.html
This leaves the task to convert the input text and replace the htmlspecialchars...
Any slick code available to do this - will be appreciated.
http://www.chronoengine.com/faqs/70-cfv5/5212-event-switcher.html
This leaves the task to convert the input text and replace the htmlspecialchars...
Any slick code available to do this - will be appreciated.
Hi Cugar,
If you save the script tags saved then you should display them when you need them, how would anybody display them if you don't want to ?
Regards,
Max
If you save the script tags saved then you should display them when you need them, how would anybody display them if you don't want to ?
Regards,
Max
This topic is locked and no more replies can be posted.
