Search the web
Sign In
New User? Sign Up
WikiForum · The mailing list for Wiki administrators
  • Members Only
  • Post
  • Files
  • Photos
  • Links
  • Database
  • Polls
  • Members
  • Calendar
  • Promote
  • Groups Labs (Beta)
? Already a member? Sign in to Yahoo!

Yahoo! Groups Tips

Did you know...
Want your group to be featured on the Yahoo! Groups website? Add a group photo to Flickr.

Best of Y! Groups

   Check them out and nominate your group.
Having problems with message search? Fill out this form to ensure your group is one of the first to be migrated to the new message search system.

Messages

   Messages Help
Message #
Search:
Advanced
Disable HTML in Wiki Text?   Message List  
Reply | Forward Message #81 of 359 |
CERT recently released two papers about the dangers
of using HTML in dynamically generated pages:

Malicious HTML Tags Embedded in Client Web Requests
http://www.cert.org/advisories/CA-2000-02.html

Malicious Web Scripts Redirected by Web Sites
http://www.cert.org/tech_tips/malicious_code_FAQ.html

The CERT papers suggest to filter out most HTML tags,
especially <script>..</script>, and pay attention
to special characters like <, >, &.

Many Wiki clones do allow embedded HTML. The advantage
is that powerusers are not hindered by Wiki systems,
i.e. it is possible to create a form inside a Wiki
page.

Disabling HTML in general plugs the security hole, but
puts some limits on the system. It depends on the
community if this is acceptable or not. For our internal
deployment of TWiki as a knowledge base for support it
is not.

Any comments?

-- PeterThoeny - 05 Mar 2000
-- http://www.mindspring.com/~peterthoeny/twiki/
Sun Mar 5, 2000 9:43 am

Show Message Option
peter.thoeny@...
Send Email Send Email

Forward 		Message #81 of 359 |
Expand Messages Author Sort by Date

CERT recently released two papers about the dangers of using HTML in dynamically generated pages: Malicious HTML Tags Embedded in Client Web Requests ... 		Peter Thoeny
peter.thoeny@...
Send Email 		Mar 5, 2000
9:44 am

... I've been thinking about this problem a bit and am pretty torn right now between the costs/benefits of allowing html. From my limited experience, I think a...
Iain Shigeoka
iainshigeoka@...
Send Email 		Mar 5, 2000
4:39 pm
Bob Racko
bobr@...
Send Email 		Mar 6, 2000
1:09 am

... Easy collaboration is the most important aspect of Wiki systems, therefore the system should be forgiving to not perfectly formatted text. It would be easy...
Peter Thoeny
peter.thoeny@...
Send Email 		Mar 6, 2000
8:23 am

... This brings up an interesting question I always wanted to know the answer to. Do we have any idea what the average wiki site size is (in wiki pages)? I'm...
Iain Shigeoka
iainshigeoka@...
Send Email 		Mar 6, 2000
3:59 pm
Bob Racko
bobr@...
Send Email 		Mar 6, 2000
4:48 pm

... We have closed to 800 pages in our internal TWiki.Know knowledge base web (a total of 1600 files with the RCS included). I don't see any performance...
Peter Thoeny
peter.thoeny@...
Send Email 		Mar 8, 2000
8:45 am

... In order to know what pages link to the deleted page, you'll need to store a database of some sort of links to pages won't you? I do really like your idea...
Iain Shigeoka
iainshigeoka@...
Send Email 		Mar 8, 2000
3:33 pm

... I have added a TrashCanWeb topic as brainstorming idea in the TWiki co-development web at ...
Peter Thoeny
peter.thoeny@...
Send Email 		Mar 8, 2000
5:31 pm
< Prev Topic  |  Next Topic >
Message #
Search:
Advanced
Copyright © 2009 Yahoo! Inc. All rights reserved.
Privacy Policy - Terms of Service - Guidelines - Help