26 Apr
2006
26 Apr
'06
6:55 p.m.
Hi all,
We've had another one of the "[Some grammatical corrections]" spam attacks, this time on our homepage. It's only a single page again this time, but annoying. Seems others have suffered the same thing.
Is one solution to this to strip inline styles from user input? (or at least stuff that manipulates height or visibility). crschmidt's SQL hack is nice, but still requires us to spot the attack and its identifying comment phrase. Banning these styles would make all links visible, which maybe isn't what we want, but may at least make it easier for us to spot and remove them.
What do people think? Is this a useful strategy? How much work on the codebase would be involved?
Cheers,
Tom. (Open Guide to Milton Keynes).