Home
Blog

Checking for HTML injection in all your comment fields.

Posted At : February 14, 2008 10:40 AM | Posted By : Christopher Wigginton
Related Categories: ColdFusion,Anti-Spam,Adobe

When checking for html injection in your blog comments, unless you're moderating your comments, remember to check all the fields, not just the body and strip the html. I was reading some old blog entries of some friends (cough* Kevin's, sorry bub!) and noticed quite a bit of spam in the comment titles. The spammer had used a link the comment title. Unfortunately, the link doesn't have a rel="nofollow" attribute either, so the blog is just contributing to the spammers ranking.

Send |

Digg It! |

Linking Blogs
774 Views

Comments (Comment Moderation is enabled. Your comment will not appear until approved.)

There are no comments for this entry.

[Add Comment]

About Me

You can find more information about me here

Calendar

<< August 2008 >>

Search

Subscribe

Enter your email address to subscribe to this blog.

Tags

adobe civil disobedience coldfusion general ramblings macromedia science in the news web tools

Archives By Subject

Adobe (76) [RSS]
Anti-Spam (4) [RSS]
Apple (8) [RSS]
Books I'm Reading (6) [RSS]
Civil Disobedience (20) [RSS]
ColdFusion (96) [RSS]
Content Management Systems (1) [RSS]
Cooking (7) [RSS]
DRM (7) [RSS]
Family (1) [RSS]
Flash (6) [RSS]
Flex (9) [RSS]
Gaming (7) [RSS]
General Ramblings (69) [RSS]
Global Warming (1) [RSS]
Government (1) [RSS]
Identity Theft (2) [RSS]
Macromedia (10) [RSS]
Microsoft (8) [RSS]
Movie Reviews (4) [RSS]
MPAA (2) [RSS]
Photography (3) [RSS]
RIAA (2) [RSS]
Science in the news (14) [RSS]
Web Tools (14) [RSS]
Windows Media Center Edition (MCE) (3) [RSS]

Recent Entries

ASDoc Error: unable to open 'and'

RSS

Files

Get your own Box.net widget
and share anywhere!

Powered by BlueDragon, http://www.newatlanta.com/bluedragon

Wists

my wists | clone this