fpgroups (was: Re: qualifier)
fp at casabellagallery.com
Wed Aug 1 13:48:34 PDT 2007
Mark brought to our attention:
> >
> > The input fields are set as type="password". I have tested it with both
> > FF and IE and I get ****** every time. Which browser are you using?
>
> You're missing my point. Yeah, they're type="password" when you're
> -submitting- them (ie., filling out the form). But what's the point of
> that when the return page lists both field numbers with the password and
> verification password in plaintext for anyone nearby to read? The -return-
> page from signing up is the one with the problem, not the form itself. And
> that's browser-independent.
>
Fixed it ... It was a function I use to troubleshoot data condition prior to
writing it to database.
>
> > > in your display code. Start spitting out > as &gt;, < as &lt;, " as &quot;
> > > and the like. If you don't filter special characters, not only are you
> > > opening yourself to broken visibility issues, but XSS.
> >
> > I know, I am having problems with my layers (DIVs) and keeping text under a
> > hard wrap to keep it from flowing beyond its intended boundaries. I will
> > get to it later ...
>
> I don't see where they're related. You still need to escape special chars
> as entities, even if you fix the div overflow. Speaking of which, for code
> you don't want to auto-wrap, you want to scroll sideways to maintain
> display integrity:
>
> overflow: auto;
>
> Voila. Automagic scrollbars appear when needed, stay hidden when not.
> The only caveat to that is that if you have divs that appear/disappear and
> use auto mode, you -must- specify a static height in -some- unit of
> measurement (I'm partial to pixels myself), or when the div becomes visible
> it'll be undersized and the scrollbars will be totally -whacked-. So if
> you toggle visibility and use overflow: auto, make sure you set height for
> the div so that auto works correctly--else it doesn't measure things until
> the first time it's displayed, and then screws it up in both IE and
> Firefox (and possibly others). If you don't want an absolute height,
> specify "overflow: scroll;" instead. That's the other way to nail that
> kitten to the tree. If you're not making use of visibility toggling, just
> toss on auto and you're set.
>
Not that simple, but I have already resolved the problem. If you visit your
post, you'll find that both tabs' content display very clearly. Thank you
for bringing these to my attention.
http://www.fpgroups.com/index.php?Target=code&Action=read&Code=6
>
> > I agree! I will look into having this fixed ASAP ... Privacy is critical and
> > I will do whatever possible to prevent intruders from exploiting this.
>
> Taking out -at least- the mailto: anchors around it will minimise it some,
> but bots will still parse the body text...just not as often. It'd be a
> fast stopgap measure to take immediately until you decide on and implement
> a permanent fix.
>
Following your advice, I've removed the anchor and I am simply showing the email
address as entered.
Regards,
Jose Lerebours
http://www.fpgroups.com
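
Added example, not part of the original message and not the site's own code: a sketch of a signup return page that covers the three points raised in this thread (no password echo, special characters escaped as entities, e-mail shown without a mailto: anchor). The field names and the sample submission are assumptions constructed for illustration.

```python
import html

# Assumed field names; the thread does not show the real form.
SECRET_FIELDS = {"password", "password_verify"}


def render_confirmation(form: dict) -> str:
    """Build the post-signup return page from the submitted fields.

    - secret fields are never echoed back, not even masked
    - every label and value is entity-escaped before it reaches the markup
    - the e-mail address is emitted as plain text, with no mailto: anchor
    """
    rows = []
    for name, value in form.items():
        if name in SECRET_FIELDS:
            continue  # never reflect credentials into a page
        # html.escape turns & < > into entities; quote=True also covers " and '
        label = html.escape(str(name), quote=True)
        shown = html.escape(str(value), quote=True)
        rows.append(f"<tr><th>{label}</th><td>{shown}</td></tr>")
    return "<table>\n" + "\n".join(rows) + "\n</table>"


# Constructed sample submission (not real data).
SAMPLE = {
    "name": 'Pat "<b>admin</b>" O\'Neil',
    "email": "pat@example.com",
    "comment": "<script>document.title='x'</script>",
    "password": "hunter2",
    "password_verify": "hunter2",
}

if __name__ == "__main__":
    print(render_confirmation(SAMPLE))
```

The escaping is applied at output time, so the stored data stays as entered and only the HTML rendering is neutralised.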