That which I say three times it true:
Do not trust user input. Do NOT trust user input. DO NOT TRUST USER INPUT.
As mentioned, users can turn off javascript. You're assuming of course that
skr!pT k1DD13s use browsers. It is trivial to build an HTTP request and
telnet into the server at port 80.
Javascript is nice for telling users if they've got it wrong. If you're
going to trust it, you're on crack.
Hope This Helps
{Pete
-------------------------------------------------------
($_='Yw_xUabcdtefgdijktljkotiersjkUzxT
yvlkbfdtcierstajogvPruntRshackRJelov')
=~y/RTUv;wxYz$/ ~'\/;$=();/;eval;print
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
