KNOWLEDGE BASE
Log In    |    Knowledge Base    |    4D Home
Tech Tip: Protect web application from malicious code injection
PRODUCT: 4D | VERSION: 19 | PLATFORM: Mac & Win
Published On: September 20, 2021

When developing a web application with 4D, be aware that data from an external source, such as user input on a form, can cause the application to perform undesirable actions. For example, a user could insert malicious code via certain 4D transformation tags to perform an unexpected QUIT 4D. To prevent this type of scenario, avoid using tags such as 4DSCRIPT and 4DEVAL to evaluate user input. Instead, use the 4DTEXT transformation tag, because this tag will escape special HTML characters and any potential malicious code will not be interpreted.