
I have a website that allows anyone to upload anything they want to my site. I’ve been having problems with people uploading phishing HTML files, and I would like to show the HTML page as text instead of loading it, but I’m not sure how I would go about doing that. I assumed it was something that could be done in .htaccess, but I can’t find any information about it. I’m using Ubuntu with Apache. When someone uploads the HTML file I need to automate the process. I only need to disable HTML in one directory, and this directory isn’t shared with any HTML files that are supposed to display properly.

4 Answers


  1. Maybe use this function:

    function htmlEntities(str) {
        return String(str).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
    }
    

    Source: https://css-tricks.com/snippets/javascript/htmlentities-for-javascript/

  2. You can send it with a Content-Type: text/plain; charset=UTF-8 header.

    .htaccess:

    AddType text/plain html
    
  3. Method 1

    Create a .htaccess file at the root of your website and add this line:

    [Apache2 @ Ubuntu/Debian: use this directive]

    AddType application/plain .html .htm

    The above will intercept and handle any html pages within your directory to run as plain text files.

    Method 2

    Alternatively, you can run a separate process that accepts incoming html pages and performs a conversion to plain text at runtime. A string replacement method will do the trick.

  4. <xmp>
     user content here
    </xmp>
    

    The <xmp> element is obsolete, but its behaviour is defined in HTML5.
    It’s supported by all modern and unmodern browsers.

    or, if you prefer valid HTML, this:

    <body>
    <script type=text/plain style=display:block>
     user content here 
    </script>
    

    You have to ensure that user content doesn’t contain </xmp> or </script>, respectively.

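The `AddType` approach from the answers above, written out as an added example (not code from any of the answers): an `.htaccess` for the upload directory only, with the extension-only mapping shown beside a stricter form. It assumes `AllowOverride` permits these directives (`FileInfo`) and that mod_headers is enabled; the extension list and the CSP value are assumptions to adapt.

```apache
# .htaccess placed inside the upload directory only (constructed example).
# Assumes: AllowOverride FileInfo for this directory and mod_headers
# enabled (on Ubuntu: a2enmod headers).

# Weaker form, as in the answers: remaps only these two extensions.
# Other markup types (.svg, .xhtml) keep an active content type, and so
# can a name such as page.html.bak, because mod_mime looks at every
# extension in the file name, not just the last one.
#AddType text/plain .html .htm

# Stricter form: match markup extensions anywhere in the name,
# case-insensitively, and force the response type for those files.
<FilesMatch "(?i)\.(html?|xhtml|shtml|svg|xml)(\.|$)">
    ForceType text/plain
    AddDefaultCharset UTF-8
</FilesMatch>

# Applies to everything served from this directory:
# stop browsers from MIME-sniffing a text/plain body back into HTML.
Header set X-Content-Type-Options "nosniff"

# If a browser renders something anyway, give it no scripts, no forms
# and no subresources.
Header set Content-Security-Policy "default-src 'none'; sandbox"
```

After deploying, `curl -I` against an uploaded `.html` file should show `Content-Type: text/plain; charset=UTF-8` together with both added headers.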