Announcement

Do not use the forums to submit bug reports, feature requests or patches, submit a New Ticket instead.

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/xinha/public_html/r.f/include/parser.php on line 774

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/xinha/public_html/r.f/include/parser.php on line 774

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/xinha/public_html/r.f/include/parser.php on line 774

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/xinha/public_html/r.f/include/parser.php on line 774

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/xinha/public_html/r.f/include/parser.php on line 774

#1 2012-11-09 12:38:03

slicta
New member
Registered: 2012-11-09
Posts: 1

HTML copy/paste : the open door to hacking

Dears, I was pretty pleased while testing Xinha until I found 2 problems :

The little one : The "CharCounter" plugin is not working properly, there are too much ways to overshoot the char limit (by copy/paste for instance).

And the really BIG one :
Open what ever site where you have implemented Xinha. Begin selecting this forum page from the top-left and drag the mouse until reaching, for instance, the menu or the forum path (Index >> User Discussion & Help >> ...). THen press CTRL + C, go to your website, click on a Xinha editor, and press CTRL + V.

This is what you got with the youtube website for example :

Forum problem

Offline


Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/xinha/public_html/r.f/include/parser.php on line 774

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/xinha/public_html/r.f/include/parser.php on line 774

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/xinha/public_html/r.f/include/parser.php on line 774

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/xinha/public_html/r.f/include/parser.php on line 774

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/xinha/public_html/r.f/include/parser.php on line 774

#2 2013-09-30 07:00:54

Myrta99
New member
Registered: 2013-09-30
Posts: 2

Re: HTML copy/paste : the open door to hacking

Hacking html-only pages is not possible. Not by web application at least. You will need to look into exploiting the web server or other services running on the server


hotelserimalaysia.org

Last edited by Myrta99 (2013-12-16 07:40:30)

Offline

Board footer

Powered by FluxBB