Security Problem

  • A user of my site found a security problem. If they begin typing in a comment and then highlight any word in that comment field and then type Ctrl U and Ctrl B a browser opens on their computer with source code for my site. They are using Chrome for a browser.

    Obviously I don’t want to tell the name of the site for security reasons but was hoping someone could give me some insight as to what the possible fix would be.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Don’t highlight anything on this page. Just hit CTRL+U. It should open a page with the source code for this page. Alternatively, you should also be able to just right-click an empty spot on this page and, in the menu that opens, find an option that says something to the effect of “View Page Source”.

    Go to Google.com. Try it there. One of the biggest companies in the world, and arguably the most net saavy, has viewable source code. Having viewable source code is not a security risk (at least not one that is avoidable). It is required for your browser, giving the browser the information it needs to be able to know what it should show you when you visit a site.

    **Edit to note that Ctrl+U opens page source in FireFox and Chrome. Ctrl+B in FF opens bookmarks. Ctrl+B in Chrome for older versions opened bookmarks (changed to Ctrl+Shift+B). If you are using Opera, Ctrl+F3 will open page source. In IE 8, Alt+V+C opens page source (used to be Ctrl+U). For others, you will have to look that up.

    Thread Starter iselltheta

    (@iselltheta)

    Daemus – thank you very much.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security Problem’ is closed to new replies.