Message from JavaScript discussions

February 2017

— Stuff like my bank just blacklisting a list of like 20 special chars


I talked to a guy who breached a whole bank's mainframe because an html field literally just dumped into sql, so he typed sql queries and got everything

— Hilarious

— Nice

— And no one believed him, so one day he did that, brought in 5 500-page binders (whole database) and slapped em down at a meeting

— Only other guy who knew was a cto or something

— Reminds me of the PHP app where stuff was hidden by echo'ing html comments

— That was my first web app lol

— All the html was echoed

— Theirs too apparently

— Not a single separate template, all embedded in the php, what a painful memory

— It was around 3000 lines of combined markup/php