adding javascript to a popup window
beebob
04-30-2003, 08:40 PM
hi folks,
on my website is a php script (http://www.php-projekte.de/modules.php?name=ScriptParade) running that I have coded which prints added javascript to a popup window. now I want to ask you as jscript specialists if you could see any problems with doing that? (manipulation problems and such things).
Thanks it would help me a lot if you could give me some advice on it! The page is not available in english at the moment, hope it's ok for you.
greetz,
beebob
ps: if you want to test it by adding a script please use instead of <script>...</script> -> <sparade>...</sparade> without any options.
Comments like <!-- and //--> are not allowed in this tag.
Another little thing is that you have to write <a href="sparade:... instead of <a href="javascript:...
That's it.
DrDaMour
05-01-2003, 02:09 AM
If you mean security features when you say manipulations then there are always going to be problems. But it's difficult to understand what your question is really about, maybe ask it in german?
beebob
05-01-2003, 02:17 AM
ok, the following. the script is a nuke module. and nuke is programmed so that you are not allowed to submit script tags via a form. which is a good thing, because with src="..." you could do evil things ;)
ok, now I have set it up so that, as an alternative to the keyword javascript, you are supposed to use the word sparade, so that a script can in fact still be 'uploaded'.
now I want to rule out that a javascript can do any further nonsense, or rather I want to know what other things there are that I should filter out.
and hence the question whether someone from here could, so to speak, cause mischief there, so that I know what still needs to be done security-wise?
a few people were already there just now because of another matter ;)
or in other words: helping bugfixing
regards,
beebob
DrDaMour
05-01-2003, 02:42 AM
I speak a little German, but I understand you now.
The best way to make scripts not be scripts is to put them in a textarea tag, which is what most sites do. It may not be the prettiest, but copy and paste are very easy with it as an added bonus. Example:
<html>
<textarea cols=40 rows=40>
<script language=javascript>
if(window.screenY){
alert(window.screenY);
alert(window.screenX);
}
else{
//IE screenpos thing
alert(window.screenTop);
}
</script>
</textarea>
</html>
this way you can store the script as is in your database, and not parse it on request. If you are set on doing it the way you have it, there are LOADS of security issues to deal with, that the best programmers in the world still have problems with....something i am not yet a member of.
And what is nukemodul in English
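The display-only approach from the post above, as an added example that is not part of the original thread: the submission is stored as-is and HTML-encoded when it is written into the textarea, so that text containing a closing textarea tag cannot end the field early. All function names and sample submissions are constructed for illustration, and it is written in JavaScript for Node rather than the PHP the module uses.

```javascript
// Added example; escapeHtml, renderSnippet, renderSnippetRaw, liveTags and the
// SAMPLE_* values are hypothetical names, not code from the site discussed above.

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Render a stored submission for display only. The source is emitted as data;
// no placeholder keyword is rewritten back into live markup.
function renderSnippet(title, source) {
  return [
    '<h3>' + escapeHtml(title) + '</h3>',
    '<textarea cols="40" rows="40" readonly>',
    escapeHtml(source),
    '</textarea>',
  ].join('\n');
}

// The unencoded variant, kept only for comparison with renderSnippet.
function renderSnippetRaw(source) {
  return '<textarea cols="40" rows="40" readonly>\n' + source + '\n</textarea>';
}

// Crude check: count literal opening or closing tags for `name` in the output.
// After encoding, only the wrapper's own two textarea tags should remain.
function liveTags(html, name) {
  const re = new RegExp('<\\s*/?\\s*' + name + '\\b', 'gi');
  return (html.match(re) || []).length;
}

// Constructed sample submissions.
const SAMPLE_PLAIN = '<script language=javascript>\nalert(window.screenTop);\n</script>';
// A submission containing the tag that would close the display field early.
const SAMPLE_CLOSES_FIELD = 'x</textarea><script>alert(1)</script>';

function demo() {
  return [SAMPLE_PLAIN, SAMPLE_CLOSES_FIELD].map((src) => {
    const html = renderSnippet('demo', src);
    return { scripts: liveTags(html, 'script'), textareas: liveTags(html, 'textarea') };
  });
}

console.log(demo());
console.log('raw textarea tags:', liveTags(renderSnippetRaw(SAMPLE_CLOSES_FIELD), 'textarea'));
```

The browser decodes the entities when it fills the textarea, so visitors still copy the original script text unchanged.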
beebob
05-01-2003, 02:47 AM
ok, i did this for updating the scripts. as you can see on the page, you also can easily copy and paste the code from plain text view (without textarea and keeping the format).
yes, the module comes with an english lang file.
beebob
05-01-2003, 02:50 AM
if you do not know phpNUKE visit http://www.phpnuke.org
DrDaMour
05-01-2003, 02:53 AM
oh, haha, i thought it was some german word! ah-ha
beebob
05-01-2003, 02:54 AM
hehehe:D
the same always happens to me in the other direction
beebob
05-01-2003, 02:57 AM
offtopic: is there a reason why there's no php forum here?
DrDaMour
05-01-2003, 03:27 AM
i've asked that myself, but i guess it's contained within the CGI forum
beebob
05-01-2003, 03:28 AM
oh, ok. you can also let it run as cgi.