NoSalt, posted March 24, 2008

Hello all

I am working on a gift site using PHP/MySQL. The address is: http://www.nosaltnetwork.com/gift/

If you could look at it and give some creative criticism, I would really appreciate it.

Thanks

Link to comment: https://forums.phpfreaks.com/topic/97668-please-be-kind-site-critique-requested/

Coreye, posted March 25, 2008

Do you want us to test it, or critique it? If you want us to critique it, you should post it on the Website Critique board: http://www.phpfreaks.com/forums/index.php/board,10.0.html.

NoSalt (Author), posted March 25, 2008

Test please ...

Coreye, posted March 25, 2008

Cross Site Scripting (XSS): You can submit ">code when editing your profile.

Cross Site Scripting (XSS): You can submit ">code when adding a gift.

NoSalt (Author), posted March 25, 2008

I have no experience with XSS. Could you give a brief explanation on what you did?

Thanks for looking at it for me.

NoSalt (Author), posted March 25, 2008

Oh ... are you saying that you can insert HTML into the fields? If so, I was trying to figure out if I wanted to allow people to use HTML in the "Comments" field or not. It would be nice because they can use some formatting to make a long or complicated listing more legible. I'm on the fence about that one.

john010117, posted March 27, 2008

Letting users use HTML is a huge security risk. That's what I believe BBCodes are for.

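
The two findings above (a `">` sequence accepted in the profile and gift forms) and the BBCode suggestion, shown as an added PHP example that is not part of the original thread or the site's own code. The helper names `attr()` and `render_comment()` are hypothetical, and the sample input is constructed.

```php
<?php
// Added example. render_comment() and attr() are hypothetical helper names.

// For values echoed into HTML attributes or text (profile fields, gift names):
// ENT_QUOTES encodes " and ', so input like ">... cannot close the attribute.
function attr(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// For the "Comments" field: escape everything, then allow a fixed set of BBCode.
function render_comment(string $raw): string
{
    $safe = attr($raw);                       // user-typed HTML is now inert text

    $rules = [                                // allow-list: tag => fixed markup
        '~\[b\](.*?)\[/b\]~is' => '<strong>$1</strong>',
        '~\[i\](.*?)\[/i\]~is' => '<em>$1</em>',
        '~\[u\](.*?)\[/u\]~is' => '<u>$1</u>',
    ];
    $safe = preg_replace(array_keys($rules), array_values($rules), $safe) ?? $safe;

    // Links: only absolute http(s) URLs become anchors; anything else
    // (javascript:, data:, ...) stays as the literal, already-escaped text.
    $safe = preg_replace_callback(
        '~\[url=(.*?)\](.*?)\[/url\]~is',
        static function (array $m): string {
            if (!preg_match('~^https?://[^\s<>]+$~i', $m[1])) {
                return $m[0];
            }
            return '<a href="' . $m[1] . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $safe
    ) ?? $safe;

    return nl2br($safe);
}

// Constructed sample input, not taken from the site discussed in the thread.
$name    = '"><b>code</b>';
$comment = "[b]Size:[/b] medium <script>alert(1)</script>\n"
         . "[url=javascript:alert(1)]click[/url] [url=https://example.com/?a=1&b=2]shop[/url]";

echo '<input name="gift" value="' . attr($name) . '">', "\n";
echo '<p>', render_comment($comment), '</p>', "\n";
```

Escaping happens before the BBCode pass, so the only markup that can reach the page is the fixed strings in the allow-list.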