neogemima Posted May 9, 2009

Hi Guys, I'm working on a database project right now and have not spent a whole lot of time on design. The look is supposed to be super simple because the focus is not the site, but the content. Right now my buddies and I are testing it, so don't mind all the useless posts in each section.

http://www.biotechposting.com

Also, not all links are active, we are updating daily. I appreciate any and all opinions. Thanks.

Andy-H Posted May 9, 2009

http://www.biotechposting.com/pages/news.html

XSS vulnerable. I injected JavaScript into the title of a post, and when the second link - Test - is moused over, the window.location is changed to http://elgoog(dot)com

Use stripSlashes() and HTMLentities() with ENT_QUOTES when displaying the title / posted body of the document to prevent this.

Axeia Posted May 9, 2009

does not validate. Tables should not be used for layout. <font> tags are deprecated and should not be used. Don't see any h1-h6, just <font> tags to make important text bigger.

Can't you use serverside includes instead of iframes? It's usually a good idea to avoid frames wherever possible. Not to mention I'm not seeing all the contents of the frame, last line gets cut in half with the bottom half invisible. (Using Firefox 3 on openSUSE (linux))

```
</dl> <br/> <br/> <br/> <br/> <br/>
```

Use style="margin-bottom: 50px;" on the <dl> instead or better yet do that in a stylesheet. This is the kind of HTML you end up with using a WYSIWYG editor.

```
<input name="agreement" value="agree" onclick="if (this.checked){this.form.tr.disabled=0}else{this.form.tr.disabled=1}" type="checkbox"><font color="#666666">I accept the terms of use.</font>
```

I'd use

```
<input id="agreement" name="agreement" value="agree" onclick="if (this.checked){this.form.tr.disabled=0}else{this.form.tr.disabled=1}" type="checkbox"><label for="agreement" style="color: #666; margin-right: 90px;">I accept the terms of use.</label>
```

Edit: Forgot, I don't know for how much of this your editor is to blame, though the bits I commented on are most likely hardcoded. But should you require an editor that uses proper tags, both tinymce and fckeditor do a decent job.

neogemima (Author) Posted May 9, 2009

Thanks guys, I appreciate it. And even though my page acted weird this morning and freaked everyone out quite a bit (my phone rang off the hook at 8am on a Saturday) I appreciate the security demonstration. Can someone give me a little more detailed explanation on how to use those functions that will filter out the javascript if someone puts it in their header or content? Thanks.

I will try to get the site to validate and make some corrections in the code and repost the url here.

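
Added example, not part of any post in this thread: how the stripslashes() / htmlentities() with ENT_QUOTES advice given earlier is applied when a post's title and body are printed. The helper names `e()` and `clean_for_display()`, the `$post` sample data and the `/post.php?id=2` link are assumptions made for illustration, not the site's own code.

```php
<?php
// Added example: escape user-supplied text at output time.
// $post is constructed sample data standing in for a row read from the database.
$post = array(
    'title' => 'Test" onmouseover="window.location=\'http://example.invalid/\'',
    'body'  => "<script>document.title = 'changed';</script>\nSecond line of the post.",
);

// Hypothetical helper: encode a value for HTML text and quoted attribute values.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute
// it is printed into.
function e($value)
{
    return htmlentities((string) $value, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: stripslashes() is only wanted when slashes were added
// on the way in (for example by magic_quotes_gpc on older PHP); pass false otherwise.
function clean_for_display($value, $slashesWereAdded)
{
    if ($slashesWereAdded) {
        $value = stripslashes($value);
    }
    return e($value);
}

// Unescaped: the quote in the title ends the title attribute and the rest
// becomes a live onmouseover handler.
$unsafe = '<a href="/post.php?id=2" title="' . $post['title'] . '">'
        . $post['title'] . '</a>';

// Escaped: the same data is rendered as inert text.
$safeTitle = clean_for_display($post['title'], false);
$safeBody  = nl2br(clean_for_display($post['body'], false));
$safe = '<a href="/post.php?id=2" title="' . $safeTitle . '">' . $safeTitle . '</a>'
      . '<p>' . $safeBody . '</p>';

echo "Unescaped markup:\n", $unsafe, "\n\n";
echo "Escaped markup:\n", $safe, "\n";
```

Escaping is done at the point of output, in every place the title or body is printed (link text, attributes, page headings), rather than once when the post is saved.
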
nrg_alpha Posted May 9, 2009

You can always bring the javascript security issue(s) to attention in the 'Beta Test Your Stuff!' forum (just be sure to read the top sticky thread prior to posting!).

fabrydesign Posted May 10, 2009

I've noticed it is very hard to get back to the home page.

neogemima (Author) Posted May 10, 2009

There's a home button on every page, not obvious enough?

Revlet Posted May 10, 2009

Overall the simplicity works. However I think the lime green might be a little too bright against the white, especially on bright monitors like mine. Maybe darken it a little or go with another color?