Lots of sites, including blogs, accept user input. Visitors are invited to enter values into fields and click a button to submit the web form. This might be as simple as leaving a comment on a blog or purchasing a t-shirt with a stolen design.
The fundamental rule in website development is to NEVER TRUST USER INPUT. To put it another way, you should always assume the data on a web form is intended to harm your site. The bad guys have some clever ways of doing this with a plain, ordinary browser; they don’t need elaborate tools to try this type of attack. The shared computer at the local coffee shop will do just fine as their attack vehicle. Furthermore, you only need to fail in one spot on your website and you’re done.
Let’s take a look at a simple blog comment. Imagine that your blog contains a form that takes a name and a comment. You’re expecting visitors to enter a value in both fields and click a button. You might even implement some validation to make sure that both fields have a value before the form can be posted.
Now let us put the fundamental rule described above into play: you should never trust user input. While the form will warn the user when a field is missing, visitors can still enter gibberish, and there’s little you can do to stop them. It’s a web form, they’re on the website you gave them, and that’s why you moderate comments on a blog. While it’s healthy to see comments from people who agree and disagree with you, you still try to keep the signal-to-noise ratio at a reasonable level.
Here’s how they do it: after you sign in, many websites issue a temporary token to you in the form of a cookie. Your browser sends this cookie along with each page request in order to prove who you are. If you close your browser, you might have to sign in again and get a new cookie. Alternatively, the website might have issued a more durable cookie, instructing the browser to store it for several days. This is how Google keeps you signed in for several days.
Scary stuff, huh?
You need to protect your site from these types of attacks. The best practice is to process every byte that comes from a visitor before it is shown on a page. You should never show raw content provided by an untrusted user. In this case, untrusted users are everyone but you. While you’re at it, why not protect the site from yourself too, just to be sure.
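As an added example (not code from the original post), here is the blog-comment form from above handled both ways: the raw rendering that drops visitor text straight into the page, and the rendering that processes every character before it is shown. It also builds the durable sign-in cookie from the previous section with the attributes that keep it out of reach of page scripts and off plain HTTP. The sample name, comment and token are constructed test data; `escape_for_html`, `render_comment` and `session_cookie_header` are names chosen for this example.

```python
import html
from http import cookies

# Constructed sample input: a visitor name and comment containing the
# characters that carry meaning in HTML markup.
SAMPLE_NAME = 'Ann "The Reviewer" O\'Neil'
SAMPLE_COMMENT = "I <b>love</b> this post & the shirt design!"
SAMPLE_TOKEN = "constructed-session-token-123"  # placeholder, not a real token

# The five characters that can change the structure of an HTML document.
HTML_ESCAPES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;"}


def escape_for_html(text: str) -> str:
    """Walk every character of untrusted text and neutralise the ones that
    could alter the page. Equivalent to html.escape(text, quote=True),
    written out so the 'process every byte' rule is visible."""
    return "".join(HTML_ESCAPES.get(ch, ch) for ch in text)


def render_comment_raw(name: str, comment: str) -> str:
    """The mistake: untrusted strings dropped straight into the page markup."""
    return f'<div class="comment"><b>{name}</b>: {comment}</div>'


def render_comment(name: str, comment: str) -> str:
    """Every byte of visitor-supplied content is encoded before it is shown."""
    return (f'<div class="comment"><b>{escape_for_html(name)}</b>: '
            f'{escape_for_html(comment)}</div>')


def session_cookie_header(token: str, days: int = 7) -> str:
    """Build the Set-Cookie header for a durable sign-in token. HttpOnly keeps
    page scripts from reading it, Secure keeps it off plain HTTP, SameSite
    limits cross-site sends, and Max-Age is the 'several days' lifetime."""
    jar = cookies.SimpleCookie()
    jar["session"] = token
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Lax"
    jar["session"]["max-age"] = days * 24 * 3600
    jar["session"]["path"] = "/"
    return jar.output(header="Set-Cookie:")


if __name__ == "__main__":
    print(render_comment_raw(SAMPLE_NAME, SAMPLE_COMMENT))
    print(render_comment(SAMPLE_NAME, SAMPLE_COMMENT))
    print(session_cookie_header(SAMPLE_TOKEN))
```

Compare the two rendered lines: in the raw version the visitor's `<b>` tag becomes part of your page, while in the processed version it is shown as text.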