Extension talk:Anysite

For people who think that this extension is unsafe: This extension allows every sites to be embedded. So, technically, well, since HTML code in iFrame tag should not be rendered by Internet engine, I don't think this is the case. Especially, virtually many sites are unsafe. My purpose for creating this extension is to embed every, every sites. If you think that you can improve this extension, please make notes in discussion page. Idea: I will work on version 2.0 which will reject any bad website and any hacking program or permission changer.


 * This extension is not unsafe because it allows things to be shown in an iframe. It is extremely unsafe because it allows arbitrary javascript code to be injected into the page itself, thus allowing cookie theft, thus directly allowing attackers to hijack accounts. When passing things from $input to $output, the values must be strictly validated, or htmlspecialchars must be applied to them. Try something like  "> alert("yum yum i eat your cookies!") . To fix the gaping hole in this extension, use this:

$output= ''.' ';


 * cheers -- Duesentrieb ⇌ 01:57, 8 May 2007 (UTC)