Viewing 2 posts - 1 through 2 (of 2 total)
  • #323054

    Hi,

    I’m not a security expert (nor an HTML/JavaScript/PHP one), I’m just paranoid.
    But I’m surprised that things like this do work in the “message” field of the contact form and are not filtered out:

    
    <iframe width="560" height="315" src="http://www.youtube.com/embed/um1pIC3T37I" frameborder="0"></iframe>
    
    <form>
    First name: <input type="text" name="firstname">
    </form>
    

    Is that common? Can you confirm that I’m just paranoid and that everything has been checked concerning the security of the contact form?

    #323086

    Hey goch!

    What context are you worried about? Do you mean adding iframe code to a message or escaping form data?

    Cheers!
    Devin
