Re: Community problem

---

• From: Paul Cooper <paul.cooper@xxxxxxxxxxxxxxx>
• Date: Tue, 19 Jul 2005 16:27:18 +0100

---

On Tue, 19 Jul 2005 10:48:48 GMT, "Vinny" <vinny.fitzy@xxxxxxxxxxxx>
wrote:

>I belong to a small web community that is based around a horse racing game.
>On the site we have a disscussion forum for the members to post messages,
>sell horses or just general chit-chat. Messages are posted via a form with a
>header for the subject then the message is written into a message body and
>then submitted, much like an ordinary e-mail. The problem we have is that
>one person has taken umbridge with the group and by using a script is
>constantly wiping the forum and therefore ruining the game for its players.
>He also changes his posting name to what only can be called offensive in an
>effort to ridicule others. The script he uses is placed in the message
>header and is
>
><SCRIPT language="JavaScript
>
>as its written, I've been able to view this from page source in firefox.
>Is there anything we can do to counter this person?
>The site in question is at stableking.com
>Sorry if this has been longwinded, but as you may have gathered I have
>little knowledge of javascript or newsgroup posting.
>
>Vinny
>

a) This is only a part of the opening tag for a Javascript script. It
isn't complete, and probably has the effect of hiding everything after
it. Any unclosed tag in the same position would probably do the same.
b) The obvious thing is for your server-side code to strip out
anything that looks like an HTML tag. At the least, it could replace
"<" amd ">" characters with &lt; and &gt;.
c) This isn't really a Javascript problem, though the perpetrator is
using the <SCRIPT> tag to annoy you.
d) The good news is that nothing is lost - change his headers to
something else and everything should reappear.

Paul

.

---

• Follow-Ups:
  • Re: Community problem
    • From: Vinny

• References:
  • Community problem
    • From: Vinny

• Prev by Date: Re: IDing folder name using Javascript
• Next by Date: Re: page scraping
• Previous by thread: Re: Community problem
• Next by thread: Re: Community problem
• Index(es):
  • Date
  • Thread

---

Relevant Pages Community problem ... I belong to a small web community that is based around a horse racing game. ... On the site we have a disscussion forum for the members to post messages, ... The script he uses is placed in the message ... little knowledge of javascript or newsgroup posting. ... (comp.lang.javascript) Re: RFD: How To Recognize Bad Javascript Code ... Elements consist of tags ... Your example `script' elements are empty where they should have ... | Using the pseudo-protocol javascript in the href is never valid. ... Some web developers use this to work ... (comp.lang.javascript) Re: Retrieving special characters ... getting more confused about handling special characters. ... In HTML will be concidered as a tag, ... does not concider them as control characters such as tag delimiters. ... Script Archive is the most classic exploited script. ... (comp.lang.php) Re: Help-Need confirmation page email address to be assigned to a javascript variable - Stuc ... I have tried that and just awaiting results from the tracking company...but ... as you say the problem lies in the statement between the no script tags ... JavaScript - and JavaScript is not available if a tag is ... (microsoft.public.frontpage.programming) Re: Double-document.write(...) insert -like space? ... What is with all that voodoo scripting by breaking up tags that have no ... Then why not just write the image tag anyway? ... It isn't the word script that ends it, it is the character sequence </ that can end it - it is up to the browser. ... want to use it based on a JavaScript value, I have to do this nested ... (comp.lang.javascript)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

newsgroups.derkeiler.com  > Archive  > Comp  > comp.lang.javascript  > 2005-07