HTML editing in browser

Many people know that anyone can edit a website’s HTML source code using the validation feature available in most browsers. This is pretty harmless since the changes only happen on the local machine and not on the website itself. I am worried about one security issue that may arise, and I am wondering if anyone knows about this.

How this form of effect can be sent. Fields can often be hidden, and the value needed to complete a particular query can be stored in them. I wonder if people have changed this value in a hidden field, which could jeopardize the site’s security? Is there a security risk associated with this? I have a way to easily protect it, but I just wondered if it was worth protecting against this flaw.

Thanks for the help.

+8
html security css php
3 answers

Yes, yes, this is a huge security issue.

Never trust the data provided by the user, which means, through a proxy, by submitting a web page.

+7

This, of course, can have a negative effect. You must ensure that important data from your form has not been modified by your visitor. For example, on the selected input, make sure that the selected value is the one you entered in the code yourself on the server side.

+1

Yes, this is definitely something that is not only worth considering, but also a must.

That's why client-side validation is not enough, and you need server-side validation for everything.

There are many things here, but here are some of the checks you should consider:

  • the length of the text inputs (where they apply, and they should apply in most cases).
  • Characters allowed. I doubt that there are many names in which there are numbers.
  • data type (if you expect a number, make sure it is a number).
  • make sure that the values obtained from the samples and checkboxes are indeed in the list of expected data.
  • specific formats (e.g. email addresses).
  • check the file extension, type and MIME size for the downloaded files.

And yet, that’s all I can think of at the moment.

0
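The server-side checks the answers describe, applied to a form that carries a hidden field, as an added PHP example that is not part of any answer above. The field names, the `PLANS` table and `validate_order()` are hypothetical, and the submissions are constructed sample data.

```php
<?php
declare(strict_types=1);

// Server-side source of truth (constructed sample data): select option => unit price.
const PLANS = ['basic' => 5, 'pro' => 20];
const MAX_QTY = 10;

// Returns [order, errors]. Every field, hidden ones included, is untrusted input.
function validate_order(array $post): array
{
    $name = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    $plan = $post['plan'] ?? null;
    $checked = [
        // Length and allowed characters: 1-50 letters, spaces, apostrophes, hyphens.
        'name' => preg_match('/^\p{L}[\p{L} \'\-]{0,49}$/u', $name) === 1 ? $name : false,
        // Specific format: e-mail address.
        'email' => filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL),
        // Data type and range: an integer between 1 and MAX_QTY.
        'qty' => filter_var($post['qty'] ?? '', FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => MAX_QTY]]),
        // Select value must be one of the options the server itself rendered.
        'plan' => is_string($plan) && array_key_exists($plan, PLANS) ? $plan : false,
    ];

    $errors = array_keys($checked, false, true);   // names of the fields that failed
    if ($errors !== []) {
        return [[], $errors];
    }

    // The hidden "price" field is never read: the total is rebuilt from server data.
    $checked['total'] = PLANS[$checked['plan']] * $checked['qty'];
    return [$checked, []];
}

// Constructed submission: the hidden price was edited to 0 in the browser.
[$order, $errors] = validate_order(
    ['name' => 'Ann Lee', 'email' => 'ann@example.com', 'qty' => '2', 'plan' => 'pro', 'price' => '0']);
var_dump($order['total'], $errors);

// Constructed submission: a plan the form never offered and a non-numeric quantity.
[$order, $errors] = validate_order(
    ['name' => 'Ann Lee', 'email' => 'ann@example.com', 'qty' => '2; --', 'plan' => 'free']);
var_dump($order, $errors);
```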
