Code injection into a user-accessible text field

Code injection

This is the biggest risk for the modern social web, because nearly every website has a comment or feedback form where visitors can enter content and post it to your page for other visitors to see. Now, what happens when you type some JavaScript into a comment form on your blog and post it? How about an SQL database query, or some rogue PHP code? How about accessing your site with the malicious code in the address bar?
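As an added example (not code from the original post), the sketch below shows the JavaScript-in-a-comment and address-bar cases asked about above: visitor text concatenated straight into a page is parsed as markup, while the same text HTML-encoded at output stays inert. All function names, the sample comment and the `blog.example` URL are constructed for illustration.

```javascript
// Added example: rendering visitor-supplied text, unsafe vs. encoded on output.
// escapeHtml, renderCommentUnsafe, renderComment and searchBanner are hypothetical names.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can switch the browser out of text context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: comment fields are concatenated into markup, so the browser
// parses whatever the visitor typed as part of the page.
function renderCommentUnsafe(comment) {
  return `<li class="comment"><b>${comment.author}</b>: ${comment.body}</li>`;
}

// Hardened: every visitor-controlled field is encoded where it is written out.
function renderComment(comment) {
  return `<li class="comment"><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</li>`;
}

// Address-bar input is visitor input too: a query-string value that is echoed
// back into the page gets the same encoding as a comment body.
function searchBanner(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return `<p>Results for "${escapeHtml(q)}"</p>`;
}

// Constructed sample inputs.
const sampleComment = { author: 'visitor', body: '<script>alert(1)</script> nice post & thanks' };
const sampleUrl = 'https://blog.example/search?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E';

console.log(renderCommentUnsafe(sampleComment)); // script tag reaches the page as markup
console.log(renderComment(sampleComment));       // same text, shown as literal characters
console.log(searchBanner(sampleUrl));            // decoded query value, encoded on output
```

Encoding for HTML text context does not address the SQL or PHP cases; those need parameterized queries and never evaluating visitor input as code.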
