I was hired to make a Content Management System for a computer
consulting group, and it is almost done. It allows registered users
to submit code that is dynamically inserted into the Live website. It
works, BUT!
I only want CLIENT-SIDE code to be allowed for submission.
Can you give me some ideas as to what I should DIS-allow on submit?
First I will parse the submission using JavaScript, and then I will
re-parse with ASP before I allow stuff to be inserted.
Here is my "Black List" so far... Disallow:
1. <%
2. %>
3. HTMLEncode
4. runat
Do you have some other ideas? I am sure other Server-Side scripting
technologies (like PHP and Perl) must use their own ways of doing
stuff, and I bet even in ASP I am forgetting a couple things...
Any help is appreciated.
Thanks,
Holden
PS: The "HTMLEncode" is for stuff like this:
Server.HTMLEncode( string )
PPS: The "runat" is to disallow stuff like this:
<script language="vbscript" runat="server">
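
A sketch of the kind of re-check described above, as an added example that is not part of the original post: it matches the listed markers case-insensitively and tolerates spacing and quoting around `runat=server`, which a literal string comparison would miss. The PHP and server-side-include rules, the rule names and the sample inputs are assumptions constructed for illustration; the same patterns have to run in the server-side pass, since the browser-side pass can be skipped by the submitter.

```javascript
// Added example: scan a submitted snippet for server-side markers.
// Rule names and samples are constructed for illustration.
const RULES = [
  // <% and %> (ASP; JSP uses the same delimiters)
  { name: 'asp-or-jsp-delimiter', re: /<%|%>/ },
  // <?php, <?= and short <? tags, but not an XML declaration
  { name: 'php-open-tag', re: /<\?(?!xml\b)/i },
  // <!-- #include file="..." --> and other SSI directives
  { name: 'server-side-include', re: /<!--\s*#\s*[a-z]+/i },
  // runat=server in any case, with optional spaces and quotes
  { name: 'runat-server', re: /\brunat\s*=\s*["']?\s*server\b/i },
  // Server.HTMLEncode(...) and sibling methods of the ASP Server object
  { name: 'asp-server-object',
    re: /\bServer\s*\.\s*(HTMLEncode|URLEncode|Execute|Transfer|MapPath|CreateObject)\b/i },
];

// Returns one finding per rule that matches, with the offset of the first hit.
function findServerSideMarkers(submission) {
  const findings = [];
  for (const { name, re } of RULES) {
    const m = re.exec(submission);
    if (m) findings.push({ rule: name, index: m.index, match: m[0] });
  }
  return findings;
}

// A submission passes only when no rule matches.
function isClientSideOnly(submission) {
  return findServerSideMarkers(submission).length === 0;
}

// Constructed sample submissions.
const SAMPLES = [
  '<script>document.title = "hi";</script>',
  "<SCRIPT Language=VBScript RUNAT = 'Server'>x = 1</SCRIPT>",
  '<!-- #include file="page.inc" -->',
  '<?php echo 1; ?>',
  '<%= Server.HTMLEncode(name) %>',
  '<?xml version="1.0"?><note>plain XML</note>',
];

for (const s of SAMPLES) {
  const rules = findServerSideMarkers(s).map((f) => f.rule);
  console.log(rules.length ? `REJECT [${rules.join(', ')}]` : 'ACCEPT', s);
}
```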