[thelist] form field safety

Ken Schaefer Ken at adOpenStatic.com
Sun Oct 26 20:38:02 CDT 2008

Just have the server email it to you as plain text. And make sure there isn't any way that the submitter could "inject" a header into the SMTP message - everything they submit must go into the SMTP body. When it gets to your mail client, it's just a bunch of plain text...


> -----Original Message-----
> From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org]
> On Behalf Of Joel D Canfield
> Sent: Saturday, 25 October 2008 3:05 AM
> To: thelist at lists.evolt.org
> Subject: [thelist] form field safety
> Drawing a huge blank; I can't even think of what to search for, though
> it ought to be a fairly simple Googlage.
> I have a form where users can submit a short story. I just want to put
> some safeguards in place to prevent ugliness. This will not be written
> to a database, just emailed to me. I'm looking for server side safety
> considerations; just doing basic form validation with js up front.
> I been sick. My head's not working. I, on the other hand, still need to
> work.
> Thanks.
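
The approach in the reply above, as an added example that is not part of the original thread: the headers are constants and every submitted value goes into a text/plain body, shown next to the concatenation pattern that lets a submitted line break start a new header. The addresses, field names, length limit and sample input are assumptions constructed for the illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import SMTP

# Assumed fixed addresses and limit; nothing here is read from the form.
SENDER = "webform@example.org"
RECIPIENT = "editor@example.org"
MAX_STORY_CHARS = 20_000


def naive_message(subject: str, story: str) -> bytes:
    """The pattern to avoid: a submitted value pasted into the header block."""
    raw = (f"From: {SENDER}\r\nTo: {RECIPIENT}\r\n"
           f"Subject: {subject}\r\n\r\n{story}\r\n")
    return raw.encode("utf-8")


def safe_message(title: str, author: str, story: str) -> bytes:
    """Constant headers; every submitted value goes into a text/plain body."""
    if len(story) > MAX_STORY_CHARS:
        raise ValueError("story too long")
    # Single-line fields: collapse line breaks so they cannot fake body lines.
    title = " ".join(title.split())
    author = " ".join(author.split())
    msg = EmailMessage(policy=SMTP)
    msg["From"] = SENDER
    msg["To"] = RECIPIENT
    msg["Subject"] = "Story submission"  # constant, not the submitted title
    msg.set_content(f"Title: {title}\nAuthor: {author}\n\n{story}\n",
                    subtype="plain", charset="utf-8")
    return msg.as_bytes()


def header_names(raw: bytes) -> list[str]:
    """Header names a mail client would see after parsing the message."""
    return [name.lower() for name in message_from_bytes(raw).keys()]


# Constructed sample input: a title carrying a CRLF and an extra header line.
SAMPLE_TITLE = "My story\r\nBcc: someone@example.net"
SAMPLE_STORY = "Once upon a time...\nThe end."

if __name__ == "__main__":
    print(header_names(naive_message(SAMPLE_TITLE, SAMPLE_STORY)))
    print(header_names(safe_message(SAMPLE_TITLE, "Joel", SAMPLE_STORY)))
```

With the sample title, the concatenated message parses with an extra `Bcc` header, while the second message keeps its three fixed headers and the same text arrives as part of the body.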
