This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How to protect my source code when deployed?
Can you give me some suggestions on how to secure a piece of code (credits, footer) from being removed?
It's just a text saying "Made by", bla bla...
If a user removes that piece of code, I want to force it back on the place or to display a warning message.
How about populating a div using javascript? Most users that will hack your theme/code won't understand where its coming from. Try something like appending the div to your body tag so even the div isn't written in html of your code. This might prevent a lot of efforts to remove the credits. What are you building exactly? What is the context? Is it a theme for a cms?
Related
This question already has answers here:
Hiding the source CSS code
(3 answers)
How to protect css files [closed]
(1 answer)
Closed 4 years ago.
Is there anyway to hide css code from source code. So, no anyone can copy my code. Or, any other language is available for styling like css and it is not visible in source code. I know it's silly question.
Here I am also asking about alternate language of css which is not visible in source code.
Is there anyway to hide css code from source code. So, no anyone can copy my code.
Short answer: No. CSS must be sent as plain text to your clients' computers if you want your page to be rendered.
I hide my Javascript code from source code by implementing between PHP.
What? No, you cannot hide Javascript either, for the same reason.
You can minify or obfuscate this code, but you cannot avoid sending it (if you want it to be used).
There is NO way to hide the client side components like CSS.
you can check it here
This question already has answers here:
How to output HTML but prevent XSS attacks
(2 answers)
Closed 4 years ago.
I have comment system based on the forms and PHP catching POST. I'm trying to make some sort of formatting (bold, underscrores, italic...) but I'm using XSS protection: htmlspecialchars().
How to tell PHP not to parse and other tags? Is any JS editor which can edit text and send it as textarea?
Probably the safest way is to settle for something like markdown for the simple formatting and then convert that to HTML at the point of output.
If you want to use actual HTML, I would go for a whitelist approach of tags that you want to keep and using strip_tags with that whitelist as a first approach to it. Although using another format like markdown is probably the safer variant.
This question already has answers here:
What does "javascript:void(0)" mean?
(14 answers)
Closed 5 years ago.
In HTML you can write href="#" to prevent a page reload, however in php this doesn't appear to work. Is there an alternative?
It adds # to the existing url, but that's not what I want. I also don't want to remove the href since it replaces the cursor with a select text cursor, and I don't really want to be changing my css for what should be basic php.
I'm sure im just doing something wrong anyway. Thanks!
By using a hash you're attempting to tell the browser to navigate to an anchor on the page. If you want to cancel the default behavior and not modify your CSS simply void the anchor's behavior with Javascript:
...
There's a very good description of what this does and why you would use it here: What does "javascript:void(0)" mean?
Not be the best. But if I had this issue, I'll use onclick
texts
Online Preview
This question already has answers here:
Preserve and display text exactly how it is typed and submitted
(2 answers)
Closed 8 years ago.
** Update - following the link that deceze kindly posted to a similar question lead me to a great article by deceze here The Great Escapism which gave me all the answers I needed. To anyone finding this question due to similar issues I urge you to read this article **
I'm allowing users to enter information through a textarea on my site.
I'm aware that there is a security risk whenever a user can enter information into a site.
I want to be able to preserve whitespace / newlines from their entry but I'm also mindful of stripping HTML tags etc out of their input.
I have written a function that replaces \r\n with <br/> before the data retrieved from the database gets outputted to the browser (I also stripslashes before I output to the browser).
I have a function that will strip out HTML tags from the entered text that I can run before putting the user entry into the database.
I'm unsure if this is all that I need to do? Does anyone have either a list of checks I need to do before putting user-entered info into the database and then before displaying it in a browser? Or even a set of sanitising functions that they use for this?
I've looked at esc_html() and sanitize_text_field() and filter_var($output, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES) but I'm really unsure when I should be using what function?
Help much appreciated :-)
You can use mysql_real_escape_string() to prevent sql-injection. You can find a good basic tutorial here
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How to convert HTML to BBCode
Im building community website where users are allowed to post topics.
Of course i should be aware of many problems that can happen when some "smart"
user tries to "post" something that is not meant to be what it should be.
Basicly im trying to protect myself from XSS.
In my textarea field of course i should filter html tags, and not allow
script or iframe tags. Nice way to change html tags with custom tags, like phpBB does
for example : [b] bold [/b] [code] snippet here [/code] [list] unordered list [/list]
How can i do this in php, or simply how can i catch those tags as string in php an perform
rendering when reading the text.
Don't re-invent the wheel, take a look at Bulletin Board Code on PHP.net.