Open source software security

Drupal 6/7 Password Policy Module XSS Vulnerability

The Password Policy module suffers from a persistent (stored) cross-site scripting (XSS, or arbitrary script injection) vulnerability because it fails to sanitize expiration warning messages before displaying them.

XSS Vulnerability in TinyMCE

A cross-site scripting (XSS), or arbitrary script injection, vulnerability exists in TinyMCE because the bbcode plugin violates TinyMCE's explicit security policy. When the bbcode plugin is enabled, encoding configured through the "encoding" directive and sanitizing configured through the "valid_elements" attribute both fail to function as expected.

Dynamically Add HTML Form Elements

This short example shows how to dynamically add form elements to an existing form in response to a user request. This is especially helpful in web-based email applications, where users can easily add multiple attachments.

JavaScript Email Validation

A simple JavaScript function to check for a valid email address (including a legitimate top-level domain or country-code extension).

JavaScript Auto Tabbing Function

This quick-and-dirty function has the browser automatically tab across form elements as each reaches a pre-specified maximum length. It is useful when you split phone numbers into multiple form fields, since it provides a more user-friendly interface.

Line Break Ripper

When you paste code into the text box created by the code below and click the 'fix' button, it strips out the extra line breaks.

JavaScript Frame Killer

This is a script I whipped up to prevent content from a site from being framed in by another site. I had a situation where a site I was maintaining was being framed in by another site, giving the impression that the content was their own. It was a simple matter to break out of their frame (hey, if they're calling my code they have to be prepared for the consequences). I often use this code on pages as a safeguard to prevent such activity from taking place.

JavaScript Single Date Check Script

This function checks that a form field is in the correct 'mm/dd/yyyy' format. The article also includes a function that checks for the yyyy-mm-dd format more elegantly by using regular expressions.

JavaScript Single/Double Quote Killer

Quotes inside form input can wreak all sorts of havoc by interfering with the quotation marks that delimit strings in program and display logic. An easy way to eliminate these problems is to strip single and double quotes from the form's fields as the form is submitted.