Not Java, but I guess that just illustrates the point you're making! :-)
I'd be happy to translate some of my Perl if you like.

d.

> -----Original Message-----
> From: Jon Stevens [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 20, 2001 6:44 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Cross site scripting
>
> on 11/20/01 7:43 AM, "Danny Angus" <[EMAIL PROTECTED]> wrote:
>
> > filter everything for public consumption, it's safest, it's not just <SCRIPT>
> > you have to watch out for, it's also pernicious things like <P
> > onMouseOver="foo();"> which may not work often, but you don't want it to
> > *ever*, and who is to say which inline event handler will or won't work on
> > what browser now or in the future, it's really the only safe way IMO.
>
> Do you have some code you can contribute for this?
>
> -jon
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
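
The point made in the quoted message, as an added Java example that is not part of the thread and is not code from either poster: a filter that only removes `<SCRIPT>` elements is compared with encoding every HTML metacharacter before output. The class and method names are hypothetical, and the two sample strings are constructed from the cases named in the message.

```java
import java.util.regex.Pattern;

public class OutputFilterExample {

    // Blocklist approach: remove only <script>...</script> elements.
    private static final Pattern SCRIPT_TAG =
        Pattern.compile("(?is)<script\\b.*?</script\\s*>");

    static String stripScriptTags(String input) {
        return SCRIPT_TAG.matcher(input).replaceAll("");
    }

    // "Filter everything": encode every HTML metacharacter so that no
    // tag or attribute in the input can reach the browser as markup.
    static String escapeHtml(String input) {
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: the two cases named in the message.
        String[] samples = {
            "<SCRIPT>foo();</SCRIPT>",
            "<P onMouseOver=\"foo();\">hello</P>"
        };
        for (String s : samples) {
            System.out.println("input:     " + s);
            // The blocklist leaves the inline event handler in place.
            System.out.println("blocklist: " + stripScriptTags(s));
            // Encoding turns both inputs into inert text.
            System.out.println("escaped:   " + escapeHtml(s));
            System.out.println();
        }
    }
}
```

The encoding shown covers text placed in an HTML element body or a quoted attribute value; output written into a script block, a URL or a style context needs the encoding for that context instead.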