Shoubhik Bose January 14 at 12:30am
http://www.mywbut.com/answer.php go there (after logging in) and click on the question,
"What are the differences between function and interrupt? "
I had inserted,
into the text area..
and now the page gets redirected to the page I found appropriate! haha..!
I am actually creating a forum on nseccse3.appspot.com, a similar thing happened by mistake..
I had to write some code (a Java class) to get a workaround (it's secure now from scripts)..
had a good experience! ;-P
This is script injection !
The problem was displaying "<" and ">", once the code was stripped of these, it could no longer run... ! Hence, they were the most crucial tokens in the whole code.. !
FLASHBACK: Earlier I had written code to insert &nbsp; for whitespace and
<br> for "\n" into the string!
So, here i needed the appropriate representation of '<' and '>' barring
http://www.alanwood.net/demos/symbol.html#s2200
Job was simple,
replace '<' with "&lt;"
and
replace '>' with "&gt;"
but
<br> had to be kept intact..
so,
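// If the three characters after position i spell "br>", this is a <br>
// that must survive: copy it through unescaped and skip past it.
if( i+3 < s.length() ){
    if( s.charAt(i+1) == 'b' && s.charAt(i+2)=='r' && s.charAt(i+3)=='>'){
        processed+="<br>";
        i+=3;
        continue;
    }
}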
Job done..!
the full code is here:
http://pastebin.com/7ZHXzM5p
Good day !
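
An added example, not the code from the pastebin link above: one way to get the same result without having to recognise <br> in the input is to escape the raw post first and only then turn "\n" into <br>. It goes beyond the post by also escaping '&' and both quote characters; the class name, method names and sample posts are assumptions made for illustration.

```java
public class ForumEscaper {

    // Escape the characters that are significant in HTML text and in
    // quoted attribute values, not only '<' and '>'.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Escape first, then add the only markup the forum itself generates.
    // Because "<br>" is inserted after escaping, no tag has to be
    // recognised and let through in user input.
    static String renderPost(String raw) {
        String normalized = raw.replace("\r\n", "\n").replace('\r', '\n');
        return escapeHtml(normalized).replace("\n", "<br>");
    }

    public static void main(String[] args) {
        // Constructed sample posts, not taken from the original page.
        String[] samples = {
            "first line\nsecond line",
            "<script>alert(1)</script>",
            "a literal <br> or <BR/> typed by the user",
            "Tom & Jerry said \"hi\""
        };
        for (String s : samples) {
            System.out.println(renderPost(s));
        }
    }
}
```

With this ordering a <br> typed by a user is displayed as text, and only line breaks the forum converts itself become real tags.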