Thread: Is this safe?
05-07-2009, 11:38 AM
SilentSound
Confirmed User
Join Date: Mar 2009
Location: NP-hard
Posts: 287
Take care - if your server is configured in that way, <?php ?> tags will be parsed with HTML files (depends on how you use the files after upload). Strip all code, be it PHP, ASP, etc. And strip ALL JavaScript. ALL of it.

That should be safe - I would use one more precaution though: don't allow anything referencing outer domains (e.g. hotlinking an image for example from domain2.com, where the HTML file is uploaded to domain1.com) - this is a prime candidate for cookie stuffing.

Just my

take care !!!
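The checks recommended in the post above, as an added example that is not part of the original post: a Python audit that flags server-side code tags, scripts, event handlers and references to other hosts in an uploaded HTML file. `UploadAudit`, `audit_upload` and the sample markup are constructed for illustration; the code reports findings so the upload can be rejected, and does not rewrite the file.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SERVER_CODE = re.compile(r"<\?|<%")  # PHP / ASP opening tags
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

class UploadAudit(HTMLParser):
    """Hypothetical helper: collects policy violations in one uploaded file."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.findings = own_host.lower(), []

    def check_url(self, where, url):
        # Browsers ignore control characters in a URL and treat "\" like "/".
        url = re.sub(r"[\x00-\x20]", "", url).replace("\\", "/")
        try:
            host = urlsplit(url).hostname  # None for relative URLs
        except ValueError:
            host = "unparseable"
        if url.lower().startswith(("javascript:", "vbscript:", "data:")):
            self.findings.append(("script-url", where))
        elif host and host != self.own_host:
            self.findings.append(("external-ref", host))

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script", tag))
        for name, value in attrs:
            if name.startswith("on"):  # onclick, onerror, onload, ...
                self.findings.append(("event-handler", f"{tag}[{name}]"))
            self.check_url(f"{tag}[{name}]", value or "")

def audit_upload(html_text, own_host):
    """Return (kind, detail) findings; an empty list means the file passes."""
    audit = UploadAudit(own_host)
    if SERVER_CODE.search(html_text):
        audit.findings.append(("server-code", "<? or <% tag"))
    audit.feed(html_text)
    audit.close()
    for url in CSS_URL.findall(html_text):  # style attributes and <style> blocks
        audit.check_url("css", url)
    return audit.findings

# Constructed sample upload, checked as if served from domain1.com.
SAMPLE = ('<?php echo "hi"; ?><img src="http://domain2.com/p.gif" onerror="x()">'
          '<div style="background:url(//domain2.com/bg.png)"></div>'
          '<img src="/logo.png"><script>x()</script>')
print(audit_upload(SAMPLE, "domain1.com"))
```

Every attribute is checked, not only `src` and `href`, so the audit fails closed: an absolute URL anywhere in a tag (including `xmlns`) is reported as an external reference.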