SafeMode HTML

<HTML>
<BODY SafeMode="true">
<H1>Hello request.getParameter("name")
</H1>
</BODY>
</HTML>


In SafeMode, the "name" parameter is still evaluated, but whatever its value, the browser always handles it as data. Any tags a malicious user might try to enter would not conform to SafeMode's structure.

 

Free-form Code Input Parsing
Code and data are intermixed

<HTML>
<BODY>
<H1> Hello Dan <SCRIPT>alert('XSS');</SCRIPT>
</H1>
</BODY>
</HTML>

SafeMode - Structured Input Parsing
Code and data are separated by adhering to a predefined structure

<HTML>
<BODY SafeMode="true">
<H1> Hello Dan <SCRIPT>alert('XSS');</SCRIPT>
</H1>
</BODY>
</HTML>
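The comparison above as an added illustration, which is not part of the original page and not SafeMode's implementation. The page does not specify how a SafeMode browser enforces its structure, so this sketch swaps in server-side output encoding to get the same code/data separation, and uses a simplified tag scanner to show when a rendered page departs from the template's tag structure. The `{name}` placeholder and all function names are assumptions.

```javascript
// Added illustration; not SafeMode's implementation.
// Template from the page, without the SafeMode attribute;
// {name} is an assumed placeholder syntax.
const TEMPLATE = '<HTML>\n<BODY>\n<H1>Hello {name}\n</H1>\n</BODY>\n</HTML>';

// Simplified tag scanner (not a full HTML parser): returns the
// sequence of tag names found in `html`, e.g. ['HTML', 'BODY', ...].
function tagSequence(html) {
  const tags = [];
  const re = /<\s*(\/?)\s*([A-Za-z][A-Za-z0-9]*)[^>]*>/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    tags.push(m[1] + m[2].toUpperCase());
  }
  return tags;
}

// Free-form rendering: the value is concatenated into markup unchanged,
// so code and data are intermixed.
function renderFreeForm(name) {
  return TEMPLATE.replace('{name}', () => name);
}

// Encode the characters that let a value leave the text context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Data-only rendering: the value can no longer introduce tags.
function renderAsData(name) {
  return TEMPLATE.replace('{name}', () => escapeHtml(name));
}

// True when the rendered page has exactly the template's tag structure.
function conformsToTemplate(rendered) {
  const expected = tagSequence(TEMPLATE);
  const actual = tagSequence(rendered);
  return expected.length === actual.length &&
    expected.every((tag, i) => tag === actual[i]);
}

// Value taken from the page's comparison.
const payload = "Dan <SCRIPT>alert('XSS');</SCRIPT>";
console.log('free-form conforms:', conformsToTemplate(renderFreeForm(payload)));
console.log('as-data conforms:  ', conformsToTemplate(renderAsData(payload)));
```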



SafeMode is hosted on SourceForge.net.