Cross Site Scripting

Tue, 24 Jan 2006 10:33:55 -0800

I know there is probably a simple answer – according to the docs if I set EMBPERL_ESCMODE to 4, then it should fix any cross site scripting.

However if I have a text field called guess, and pass the following line

 

?guess=%22%3E%3Cscript%3Ealert('vorsichtfalle!')%3C/script%3E%3C%22

 

The alert will appear – how can I disable this behavior, but keep the normal fdat form population ?

 

 


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.14.22/238 - Release Date: 23/01/2006

Reply via email to