I took over a website that already uses FCKEditor. The website was written in ASP and has had numerous SQL injection attacks. I saw that there is an HTML Purifier, but it is in PHP. Does anyone know if there is an ASP version or another option I can use? Alternatively, are there instructions anywhere on what steps I could take to mimic HTML Purifier in ASP?
TIA.
Re: HTML purifier for asp pages?
So I would try to find out exactly where that problem exists and fix it, because you might be focusing on the wrong part.
I don't mean that you shouldn't validate the HTML; of course you must! But don't forget about the rest of your system.
Re: HTML purifier for asp pages?
I worked my way through the site and the only way I can see something coming in is through the FCKEditor part. I am new at all this - can you point me in the direction of some instructions/ideas on what to do?
Re: HTML purifier for asp pages?
If you get an error anywhere, then you have a possible SQL injection problem there.
Of course that's the most basic method, but it's usually enough to find out if the code has been protected or not.
Re: HTML purifier for asp pages?
I am very new at this and searched for some code to filter meta characters from the input, but had no luck. What I am hoping to do is to scan the text that the person inputs and kick them out/reject it if it contains certain characters. I don't even know where to put it in the code - before the form is submitted? I would really appreciate any help.
Thank you.