问题描述
我正在运行凯文罗斯的rte盒子,我想停用该盒子内的过去的能力
。人们有时会在那些可能会破坏我网站的地方粘贴一些令人发指的东西。如何停用
粘贴的能力?
请参阅:
感谢您的帮助
Seth Russell
那是'可能不是解决问题的最佳方法。粘贴是一个有用的操作,并且禁用它将保证最终惹恼一些用户的b $ b。还要记住,任何可以粘贴的东西,
也可以手动编写,所以如果有人想打破你的b
网站,他们仍然可以(或者如果需要的话,他们可以假的是HTTP POST
的坏内容。
如果您的应用程序输入格式错误有问题,它应该是
在使用输入之前在服务器上进行扫描,然后再使用
其他任何内容。
这是客户端/服务器编程的一般原则
互联网......不要相信客户。防止
网站破损的责任应该放在一个你可以信任的地方,这意味着
服务器。
/ L $ / $
-
Lasse Reichstein Nielsen -
DHTML死亡色彩:< URL:http://www.infimum.dk/HTML/rasterTriangleDOM.html>
''没有判断的信仰只会降低精神神圣。' '
是的,是的...小心点我在php中执行一个常规操作。
需要
*禁止所有脚本
*禁止破解html - 这是在原子\ Rss提要和
需要完美的XHTML
Seth Russell
I''m running Kevin Roth''s rte box and i want to deactivate the ability
to past inside the box. People sometimes paste outrageous things in
there that might break my site. How can I deactivate the ability to
paste?
see: http://www.kevinroth.com/rte/demo.htm
Thanks for your help
Seth Russell
That''s probably not the best way to solve the problem. Pasting is
a useful operation, and disabling it will be guaranteed to annoy
some users eventually. Also remember, anything that can be pasted,
can also be written manually, so if someone wants to break your
site, they still can (or if need be, they''ll fake a HTTP POST
of the bad content).
If your application has a problem with malformed input, it should
scan for exactly that, on the server, before using the input for
anything else.
That is general princliple in client/server programming on the
internet ... don''t trust the client. The responsibility for preventing
site breakage should lie in a place that you can trust, which means
the server.
/L
--
Lasse Reichstein Nielsen - lr*@hotpop.com
DHTML Death Colors: <URL:http://www.infimum.dk/HTML/rasterTriangleDOM.html>
''Faith without judgement merely degrades the spirit divine.''
Yes, yes ... care to point me to a routine in php that does that.
Needs to
* disallow all scripts
* disallow broken html - this is going out on a atom \ Rss feed and
needs to be perfect XHTML
Seth Russell
这篇关于如何在富文本编辑框中停用粘贴?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!