[Typo3-dev] Security Problem - HTML
Dominic Brander
typo3_db at snowflake.ch
Tue Sep 23 16:00:42 CEST 2003
I think this is a good way to go.
We cannot give 100% security, as this is not possible.
But we can give some tools to admins to control at least a few things.
Christoph Moeller wrote:
> Dominic Brander wrote:
>
>> Let's start the security-discussion in this list.
>
>
> hmm, just had a quick look into typo3/t3lib/class.t3lib_parsehtml.php,
> around line 466. There's the function HTMLcleaner which could (? i.e. if
> someone still understands this code monster *g*) be extended to parse
> for suspicious cookie stuff in the content's HTML.
>
> I think it's not really possible to distinguish between malicious and
> good JS cookie code inserted as HTML CE. For example there always could
> be a white-hat use for manually inserted document.cookie's if someone
> knows what he's doing.
>
> Just an idea: warning messages to the admin telling about JS-cookie
> usage in HTML content elements? Not really convenient - I know - but
> anyone a better idea? This is a browser/general cookie problem...
>
> Chris
--
dominic brander
________________________________________________________________________
dominic brander - snowflake productions gmbh
tel. CH +41 1 451 75 71 - fax. CH +41 1 451 63 80
tel. D +49 89 31 56 78 15 - fax. D +49 89 31 56 78 16
mobile +41 76 493 25 88
http://www.snowflake.ch
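
The admin-warning idea from the quoted message, as an added example that is not part of the thread and not TYPO3's HTMLcleaner code: it reports every script context in an HTML content element that touches document.cookie and leaves the decision to the admin, since intent cannot be judged automatically. The function name, the sample records and the /fileadmin/stats.js path are hypothetical.

```php
<?php
// Added example, not TYPO3 code: function name and sample records are hypothetical.

/** List the script contexts in an HTML fragment that touch document.cookie. */
function findCookieScriptUsage(string $html): array
{
    $warnings = [];
    // Matches document.cookie and document["cookie"]; JavaScript is case-sensitive.
    $cookie = '/\bdocument\s*(?:\.\s*cookie\b|\[\s*[\'"]cookie[\'"]\s*\])/';

    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // editor HTML is rarely valid
    $doc->loadHTML('<?xml encoding="utf-8"?><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    foreach ($doc->getElementsByTagName('*') as $el) {
        if (strtolower($el->nodeName) === 'script') {
            if ($el->hasAttribute('src')) {
                $warnings[] = 'external script ' . $el->getAttribute('src') . ' cannot be inspected here';
            }
            if (preg_match($cookie, $el->textContent)) {
                $warnings[] = 'inline <script> uses document.cookie';
            }
        }
        foreach ($el->attributes as $attr) {
            // The parser has already decoded entities such as &#100;ocument.
            $name = strtolower($attr->name);
            $inScriptContext = strncmp($name, 'on', 2) === 0
                || preg_match('/^\s*javascript:/i', $attr->value) === 1;
            if ($inScriptContext && preg_match($cookie, $attr->value)) {
                $warnings[] = sprintf('<%s %s> uses document.cookie', $el->nodeName, $name);
            }
        }
    }
    return $warnings;
}

// Constructed sample content elements (uid => HTML), for illustration only.
$records = [
    11 => '<p>Our privacy page mentions document.cookie only as text.</p>',
    12 => '<script>if (document.cookie.indexOf("seen=1") < 0) { showBanner(); }</script>',
    13 => '<a href="#" onclick="document.cookie=\'lang=de\'">Deutsch</a>',
    14 => '<script src="/fileadmin/stats.js"></script>',
];
foreach ($records as $uid => $html) {
    foreach (findCookieScriptUsage($html) as $warning) {
        echo "content element $uid: $warning\n";
    }
}
```

Record 11 produces no warning because the match is limited to script contexts, while record 14 is reported as uninspectable because the code behind an external src is not part of the content element.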