Subject:
|
Re: Very strange server behavior today
|
Newsgroups:
|
lugnet.admin.general
|
Date:
|
Mon, 25 Aug 2008 19:56:32 GMT
|
Viewed:
|
7545 times
|
| |
|
|
In lugnet.admin.general, Michael Huffman wrote:
> In lugnet.admin.general, Gereon Stein wrote:
> > Your mention of FTX in posts and the issues this generates for NNTP access
> > have some ideas coming to my mind, though... ;)
>
> The easiest solution would be to convert FTX in NNTP message files into HTML;
> most NNTP browsers understand embedded HTML. And then rewrite the web-posting
> modules to convert FTX to "safe" HTML (ie. rejecting JavaScript injection or
> other types of XSS attacks).
That's a really good idea, Michael. There is already an internal function
for rendering FTX as HTML, which could be reused for this. It might be a good
idea to filter out any JS injection attempts in URLs, which would benefit the
web-based interface as well.
The HTML could then be wrapped into a MIME container and the NNTP message could
be given in both its original unaltered form and the converted HTML form.
--Todd
|
|
Message is in Reply To:
 | | Re: Very strange server behavior today
|
| (...) The easiest solution would be to convert FTX in NNTP message files into HTML; most NNTP browsers understand embedded HTML. And then rewrite the web-posting modules to convert FTX to "safe" HTML (ie. rejecting JavaScript injection or other (...) (16 years ago, 25-Aug-08, to lugnet.admin.general)
|
17 Messages in This Thread:
 
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
