#5882: Cross-site scripting not mentioned in the tutorial
--------------------------------+-------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: nobody
Status: new | Component: Documentation
Version: SVN | Keywords: xss cross-site-scripting
Stage: Unreviewed | Has_patch: 0
--------------------------------+-------------------------------------------
Am I right that you don't mention the problem of cross-site scripting in
the tutorial? Let's say I would add a poll like this:
question: What does <script>alert("foo");</script> do?
Would the application output a properly quoted question or would I get a
JavaScript message box?
--
Ticket URL: <http://code.djangoproject.com/ticket/5882>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
