The Password Policy module suffers from a persistent (stored) cross-site scripting (XSS, or arbitrary script injection) vulnerability because it fails to sanitize expiration warning messages before display.
A cross-site scripting (XSS), or arbitrary script injection, vulnerability exists in TinyMCE because the bbcode plugin violates the explicit security policy of TinyMCE. When the bbcode plugin is enabled, encoding turned on with the "encoding" directive and sanitizing turned on with the "valid_elements" attribute fail to function as expected.
This short example shows how to dynamically add form elements to an existing form at the user's request. This is especially helpful for users of web-based email applications, who can then add multiple attachments easily.
This quick and dirty function makes the browser auto-tab across form elements as each one reaches a pre-specified maximum length. It is useful when you're separating phone numbers into multiple form fields (it provides a more user-friendly interface).
When you paste code into the text box created with the code below and click the 'fix' button, it strips out the extra line breaks.
This is a script I whipped up to prevent content from a site from being framed in by another site. I had a situation where a site I was maintaining was being framed in by another site, giving the impression that the content was their own. It was a simple matter to break out of their frame (hey, if they're calling my code they have to be prepared for the consequences). I often use this code on pages as a safeguard to prevent such activity from taking place.
This function checks that a form field is in the correct 'mm/dd/yyyy' format. The article also includes a function that checks for the 'yyyy-mm-dd' format more elegantly by using regular expressions.
Quotes inside form input can wreak all sorts of havoc by interfering with normal quotations that delimit strings in programming and display logic. An easy way to eliminate these problems is to strip out single and double quotes in a form as the form is submitted.
This simple script allows you to dynamically track values for checkboxes and add or subtract those values from a total.