Author Topic: What did the glow and moving text BBcodes look like? (Read 2420 times)

Steve5451² · July 27, 2016, 12:02:59 AM

Quote from: $trinick on July 26, 2016, 11:57:01 PM

Presumably the only security risk would be if they could inject SQL or PHP in their application. HTML alone cannot garner any useful information from a server.

They could use Javascript to steal the admin's cookies and login.

Ad Bot · Advertisement

$trinick · July 27, 2016, 07:03:07 PM

Quote from: Foxscotch on July 27, 2016, 12:02:35 AM

xss is more so the problem in this case

I'm under the impression that he means that text boxes don't filter HTML.. so like, for example, I could register as <h1>trinick</h1> and everywhere my name would display as a h1 element. Unless you're running a copy of Netscape from 1995, your browser probably has anti-XSS protection.

Quote from: Steve5451² on July 27, 2016, 12:02:59 AM

They could use Javascript to steal the admin's cookies and login.

How do you presume they would send the cookies? You're right, they could inject Javascript that would collect cookies, but you're unable to open a connection to an origin other than the current website.

Blockland Forums

Author Topic: What did the glow and moving text BBcodes look like? (Read 2420 times)

Steve5451²

Ad Bot

$trinick