HtmlSecurity.config

If you are a CE/Vista admin, then you should probably be aware of $WLDOMAIN/serverconfs/HtmlSecurity.config.

This file holds the regular expressions used to block input that users submit in an attempt to exploit forms. Say a student writes a mail message to another student and includes JavaScript meant to execute malicious code and hijack a session. One of the regexes here would match, so the message would be rejected on Submit with an error and would never make it into the database.

The config file makes for interesting reading, especially at the end, where an administrator has the option of turning on items to block images, background images, anchor links, and (my personal favorite) any URL to an external portal “since it would be possible for students to trick instructors into unknowingly making requests to that system.”
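
The reject-on-Submit behaviour and the optional blocks described above can be sketched as follows. This is an added example, not the contents of HtmlSecurity.config or any vendor code: every pattern, rule name, function name and the host `lms.example.edu` is a hypothetical stand-in.

```python
import re
from urllib.parse import urlparse

# Hypothetical always-on rules; NOT the patterns shipped in HtmlSecurity.config.
ALWAYS_ON = {
    "script element": re.compile(r"<\s*script\b", re.I),
    "inline event handler": re.compile(r"<[^>]*\son\w+\s*=", re.I),
    "javascript: URL": re.compile(r"(?:href|src)\s*=\s*[\"']?\s*javascript:", re.I),
}
# Hypothetical optional rules, mirroring the items an administrator can turn on.
OPTIONAL = {
    "images": re.compile(r"<\s*img\b", re.I),
    "background_images": re.compile(r"\bbackground(?:-image)?\s*[:=]", re.I),
    "anchor_links": re.compile(r"<\s*a\b[^>]*\bhref\s*=", re.I),
}
# Absolute or protocol-relative URLs inside href/src attributes.
URL_ATTR = re.compile(r"(?:href|src)\s*=\s*[\"']?\s*((?:https?:)?//[^\s\"'>]+)", re.I)


def check_submission(html, enabled=(), block_external=False,
                     local_host="lms.example.edu"):
    """Return the names of violated rules; an empty list means accept."""
    violations = [name for name, rx in ALWAYS_ON.items() if rx.search(html)]
    violations += [name for name in enabled if OPTIONAL[name].search(html)]
    if block_external:
        for url in URL_ATTR.findall(html):
            host = (urlparse(url).hostname or "").lower()
            if host != local_host:  # any URL pointing off the local system
                violations.append("external URL")
                break
    return violations


def submit(html, store, **policy):
    """Reject the whole message on any match, so it never reaches the store."""
    violations = check_submission(html, **policy)
    if violations:
        raise ValueError("rejected: " + ", ".join(violations))
    store.append(html)
```

Note that the input is rejected outright rather than cleaned up, which matches the behaviour the post describes: the message produces an error and nothing is written.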

 

from Rants, Raves, and Rhetoric v4
