Re: [PATCH] Escape HTML in Apache::Status data and env dump

Stas Bekman Tue, 05 Oct 2004 15:31:00 -0700

Markus Wichitill wrote:

The fact that HTML in dumped variables in Apache::Status messes up the output has always bugged me, and this is also a potential XSS security issue, so here's a patch to escape the markup.


Thanks Markus! Commmitted with minor tweaks.

--
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [PATCH] Escape HTML in Apache::Status data and env dump

Reply via email to