[TYPO3-typo3org] buzz.typo3.org: Posting form allows HTML tags
Rupert Germann
rupi at gmx.li
Tue Jan 16 10:04:18 CET 2007
Hi Stucki,
Michael Stucki wrote:
> See
>
http://buzz.typo3.org/people/ron-hall/article/spam-protecting-your-typo3-e-mail-addresses-with-a-special-twist/
>
> The posting form does not filter HTML tags, thus it could be possible to
> submit much worse content than I tried to do.
all html tags are completely removed from the input by strip_tags(). So I'm
quite shure that you couldn't do any worse things with this ;-)
but we have a spam problem on this site:
http://buzz.typo3.org/people/mario/article/show-your-network/
I'll install a captcha.
greets
rupert
More information about the TYPO3-team-typo3org
mailing list