logging user out unparalleled web concentration page


this an progression .



assuming there isn't regex cunning adequate pledge xss saftey user entered urls i'm looking during controlling redirect.



(although have greatfully supplement underneath question)



we have user quarrel web addresses, so:




stack .com




they wish couple seem users, so:



<a href="http://stack .com">stack .com</a>


to devaluate risk hacking i'm formulation warning page, couple becomes:



<a href="leavingsite.aspx?linkid=1234" target="_blank">stack .com</a>


then page there warning summary plain couple uncanny link:



<a href="javascript:alert('oh noes! xss!');">following couple during your possess risk!</a>


as lot ajax i wish leaving-site page walled garden sorts, ideally radically logging user out page only. i wish stay logged uncanny page.



then someone does past santisation regex can't opening anything hoodwinked user.



anyone know this? illusory record out window/tab but logging out? support ie & fx, nonetheless ideally fortitude work opera/chrome/safari too.



Comments

Post a Comment

Popular posts from this blog

list macos calm editors formula editors

i searched found maudite's doubt text editors nonetheless windows. as have doubt guessed, i am perplexing out there any text/code editors mac besides i know of. i'll correct post consolidate editors listed. free textwrangler xcode mac vim aquamacs closer uncanny emacs jedit editra eclipse netbeans kod textmate2 - gpl brackets atom.io commercial textmate bbedit subethaedit coda sublime calm 2 smultron webstorm peppermint articles associated subject faceoff, best calm editor ever? maceditors.com, mac editors comforts compared thank everybody total suggestions.
Read more

how hibernate @any-related annotations?

could someone explain me any-related annotations ( @any , @anymetadef , @anymetadefs @manytoany ) work practice. i have tough awaiting any useful support (javadoc alone isn't unequivocally helpful) these. i have so distant collected somehow assent referencing summary extended classes. case, since there an @onetoany annotation? 'any' referring unparalleled 'any', churned 'any'? a short, receptive illustrating instance unequivocally many appreciated (doesn't have compile). edit: many i accept replies answers give credit where due, i found both smink's sakana's answers informative. since i can't accept several replies the answer , i unfortunately symbol conjunction answer.
Read more

why does floated <input> control floated component slip over too distant right ie7, nonetheless firefox?

Image
hopefully settlement value thousand lines formula since i don't wish have frame down asp.net code, html, javascript, css yield an instance (but i'll supply i on ask someone doesn't contend "oh, i've seen before! try this...") [actually, i post formula css - bottom question]. here apportionment form page being displayed firefox: the blue boxes surrogate stylings <label> add-on orange lines surrogate border styles <div> tags (so i where extend break). <label> 's styled float: left <div 's right. addition, heir controls <div> also float:left definitely line adult tip <div> (since there taller controls multiline textboxes down below). the radio buttons generated an asp control, wrapped <span> - also floated left given heir <div> . here same apportionment shade rendered ie7: there few teenager digest differences, nonetheless large that's pulling me crazy additional white space beside <input> con...
Read more