calabiyau, posted February 17, 2007:

I am making a mail script for a friend. It is an online survey and he wants the results of the survey sent to him. Everything is hard coded into the mail function except for the message body which is constructed from the input of the survey. Is it possible for someone to spam by injecting something into the message body? I know I should strip tags to stop them from running scripts into the email, since it will be html format. If it is possible, what kinds of expressions should I be looking at filtering out? The same kind that you would normally look for like CC: and all that, or do these have any effect within the message body? Thanks.

corbin, posted February 17, 2007:

Define spamming. My advice is strip all HTML tags, or if you want HTML to be allowed, only allow certain tags. Additionally, I would definitely limit the amount of input the user can put...

linuxdream, posted February 17, 2007:

If it's in the body then it can't be used as a mailing address like CC or BCC. If they were editing the header... that would be another story.

calabiyau (author), posted February 17, 2007:

Kay thanks, that's what I needed to know.
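
The setup discussed in this thread (fixed headers, body built from survey input), sketched as an added example that is not part of any post above. The thread does not name its language, so Python's standard `email` library is used here as an assumption; the addresses, the length cap and all function names are constructed for illustration.

```python
import html
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_ANSWER_LEN = 2000  # assumed per-answer cap ("limit the amount of input")

# Hard-coded headers, as in the thread: none of these come from the form.
FIXED_HEADERS = {"From": "survey@example.com",   # constructed addresses
                 "To": "owner@example.com",
                 "Subject": "Survey results"}

def header_value(value):
    """Guard for anything placed in a header: CR/LF there starts a new header."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF not allowed in header values")
    return value

def build_survey_mail(answers):
    """Build an HTML mail whose only user-controlled part is the body."""
    rows = []
    for question, answer in answers.items():
        answer = str(answer)[:MAX_ANSWER_LEN]
        answer = answer.replace("\r\n", "\n").replace("\r", "\n")
        # Escape instead of strip: any tags arrive as inert text.
        rows.append("<p><b>%s</b><br>%s</p>" % (
            html.escape(question), html.escape(answer).replace("\n", "<br>")))
    msg = EmailMessage()
    for name, value in FIXED_HEADERS.items():
        msg[name] = header_value(value)
    msg.set_content("".join(rows), subtype="html")
    return msg

def received_headers(msg):
    """Serialize and re-parse; return the header names a receiver would see."""
    return sorted(k.lower() for k in message_from_bytes(msg.as_bytes()).keys())

def received_body(msg):
    """Serialize and re-parse; return the decoded HTML body."""
    parsed = message_from_bytes(msg.as_bytes(), policy=policy.default)
    return parsed.get_content()

# Constructed survey input containing header-like text and a script tag.
SAMPLE = {"Comments":
          "nice survey\r\nBcc: list@example.com\r\n<script>alert(1)</script>"}

if __name__ == "__main__":
    mail = build_survey_mail(SAMPLE)
    print(received_headers(mail))
    print(received_body(mail))
```

The `Bcc:` line typed into the survey ends up as visible text in the body and never as a header, while the same string passed through `header_value` is rejected.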