Old 04-20-2008, 11:08 AM   #6 (permalink)
freenity
The Acquainted
 
 
Join Date: Feb 2008
Posts: 119
Thanks: 17

Hi
An attacker can bypass your JavaScript validation by creating a program (script) that will send a POST request to the file you specify in <form action="file.php">.
Or the easiest method, I guess, is deactivating JavaScript support in his browser :)
JavaScript is never reliable for security, but you can implement JavaScript validation just to show users that the name, email or whatever they entered is not wrong, so they don't have to wait for the whole reload for your PHP script to tell them this.
In the example above, there is no XSS because you don't show the input variables in the browser; however, the SQL injection might work.
__________________
http://feudal-times.net - My PBB Game
http://gwphp.feudal-times.net - My Blog "Gaming With PHP"
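The post's point is that the PHP script behind `<form action="file.php">` must repeat the validation itself and must not splice the submitted values into SQL. The following is an added example, not code from the original thread or its author: it re-validates the name and email on the server and stores them with a PDO prepared statement. The `users` table, its columns, the field names and the sample inputs are assumptions constructed for illustration; an in-memory SQLite database is used so the script runs offline.

```php
<?php
// Added example (not from the original post): server-side re-validation of the
// form fields plus a parameterized INSERT. Table and column names are assumed.
declare(strict_types=1);

/**
 * Validate the submitted name and email on the server, regardless of what any
 * client-side JavaScript did. Returns a list of error messages; an empty list
 * means the input is acceptable.
 */
function validateSignup(array $post): array
{
    $errors = [];
    $name  = trim((string)($post['name'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));

    // Name: 1-50 characters consisting of letters (any script), spaces, hyphens, apostrophes.
    if ($name === '' || mb_strlen($name) > 50 || !preg_match("/^[\p{L} '-]+$/u", $name)) {
        $errors[] = 'Invalid name';
    }
    // Email: use PHP's built-in validator rather than a hand-written regex.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid email';
    }
    return $errors;
}

/**
 * Store the record with a prepared statement: the values travel as bound
 * parameters, so they are never interpreted as part of the SQL text.
 * Returns the id of the inserted row.
 */
function storeUser(PDO $db, string $name, string $email): int
{
    $stmt = $db->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
    return (int)$db->lastInsertId();
}

/** Handle one form submission: validate first, store only if valid. */
function handleSubmission(PDO $db, array $post): array
{
    $errors = validateSignup($post);
    if ($errors !== []) {
        return ['ok' => false, 'errors' => $errors];
    }
    $id = storeUser($db, trim((string)$post['name']), trim((string)$post['email']));
    return ['ok' => true, 'id' => $id];
}

// --- Demonstration with constructed inputs (stand-ins for $_POST) ---------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT NOT NULL, email TEXT NOT NULL)');

$samples = [
    ['name' => "Anne O'Neil", 'email' => 'anne@example.com'],  // valid; name contains a quote
    ['name' => 'bob',         'email' => 'not-an-email'],      // rejected: bad email
    ['name' => '',            'email' => 'empty@example.com'], // rejected: empty name
];

foreach ($samples as $post) {
    $result = handleSubmission($db, $post);
    echo json_encode($post), ' => ', json_encode($result), PHP_EOL;
}

// The apostrophe in "Anne O'Neil" is stored literally; the query text was never altered.
$row = $db->query('SELECT name FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo 'stored name: ', $row['name'], PHP_EOL;
```

Run it with `php file.php` from the command line; `$samples` stands in for `$_POST` so no browser is needed. The client-side check can still exist for user convenience, but only the server-side path decides what reaches the database, and binding the values with `bindValue` is what keeps a quote in the name from changing the meaning of the query.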