As the answers on how XSS can be malicious are already given, I’ll only answer the following question left unanswered: how can i prevent XSS from happening on my websites ? As to preventing from XSS, you need to HTML-escape any user-controlled input when they’re about to be redisplayed on the page. This includes request … Read more
Old question, but I thought I’d chime in, as I’ve been maintaining a module for Drupal (Honeypot), which uses the Honeypot spam prevention method alongside a time-based protection (users can’t submit form in less than X seconds, and X increases exponentially with each consecutive failed submission). Using these two methods, I have heard of many, … Read more
Concept By adding a invisible field to your forms that only spambots can see, you can trick them into revealing that they are spambots and not actual end-users. HTML <input type=”checkbox” name=”contact_me_by_fax_only” value=”1″ style=”display:none !important” tabindex=”-1″ autocomplete=”off”> Here we have a simple checkbox that: Is hidden with CSS. Has an obscure but obviously fake name. … Read more
This is actually reasonably easy. You can programatically detect skin tones – and porn images tend to have a lot of skin. This will create false positives but if this is a problem you can pass images so detected through actual moderation. This not only greatly reduces the the work for moderators but also gives … Read more