Introduction
Summary and security advice in English
contact form
Basically, a posting should not contain any executable code, and the backend has to make sure that any executable code that does get in is never executed. Officially, Steem and Weku both use Markdown, but that is not enforced very strictly, and HTML code is still allowed.
I'll now test right here in this post whether forms, inline CSS and links work inside a posting.
If all of that works, then the contact form will work too.
summary in English
Well, we use the same Markdown language as Steem for styling comments and posts. However, that Markdown is not pure: like Steem's and GitHub's, it allows some HTML code. Thus GET requests, forms and other HTML features are possible and can probably be abused to some degree. HTML events like onclick etc. should not be allowed, and CSS can also be abused for keyloggers.
We should make sure that such code does not make it onto the blockchain, and of course not onto our website. HTML code usually sits in angle brackets <>, and a common technique is to escape angle brackets as the entities &lt; and &gt;, or not to allow them at all. Also disallowing ' and " and ; makes sure that no code can be executed. The typographic quotation marks „“ ‚‘ are common substitutes for those signs: https://de.wikipedia.org/wiki/Anf%C3%BChrungszeichen
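As an added example (not code from the post or from the Steem/Weku projects), here is the backend-side handling the summary describes, written for a JavaScript frontend/backend of the kind Steem uses: one function escapes the markup delimiters as entities, a stricter one rejects a body outright when it contains the forbidden characters, and the constructed sample post is the contact form tested below. Names such as sanitiseForStorage are assumptions.

```javascript
// Entity escaping of the five characters that can open, close or terminate
// HTML markup or attribute values. Typographic quotes („“ ‚‘) are not in the
// table on purpose: they carry no markup meaning, so they pass through.
const ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(text) {
  // Each matched character is replaced exactly once, so order is irrelevant.
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Stricter policy from the post: refuse the posting instead of rewriting it.
// Returns true only when none of < > " ' ; occur in the body.
function isAllowed(text) {
  return !/[<>"';]/.test(text);
}

// Constructed sample (hypothetical action URL): the form the post tries to embed.
const SAMPLE_POST = [
  '<form name="contact" method="POST" action="https://example.invalid/submit">',
  '<input type="text" placeholder="Name" required name="Name">',
  '<button type="submit">send</button>',
  '</form>',
].join('\n');

// What the backend stores on the chain / serves to the site: the escaped body.
// The client is never trusted to have done this itself.
function sanitiseForStorage(body) {
  const stored = escapeHtml(body);
  // Post-condition check: no raw tag delimiter may survive escaping.
  if (/[<>]/.test(stored)) {
    throw new Error('sanitiser left raw markup in the stored body');
  }
  return stored;
}
```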
CONTACT
<form name="contact" method="POST" action="https://formspree.io/[email protected]">
<input type="text" placeholder="Name" required name="Name">
<input type="text" placeholder="Email" required name="Email">
<input type="text" placeholder="Subject" required name="Subject">
<textarea id="contactmessage" required name="Message"></textarea>
<button type="submit">send</button>
</form>
So it doesn't let forms through... we can rest easy on that front.
This Char checking idea may be sufficient. But you have to be careful that the sign checking mechanism can not be skipped and/or modified.
Good information although I don't understand much about codes in IT. But your post will surely be a thing to ponder upon. In this digital world, everything is possible. Even a 17-year-old kid from Vienna was able to hack CIA's system.
actually, that was one of many traps laid out by the CIA. They are doing that on purpose for decades.
Congratulations @mattgroening! You have completed the following achievement on the Steem blockchain and have been rewarded with new badge(s) :