Hi,

> I know there is probably a simple answer - according to the
> docs if I set EMBPERL_ESCMODE to 4, then it should fix any
> cross site scripting.

No, 4 is wrong, the best is to use 7 (which is the default). 4 is only for disabling the special meaning of \ and will do nothing on its own.

You can see that it works at

http://www.perl-workshop.de/db/register.epl?lastname=%22%3E%3Cscript%3Ealert('vorsichtfalle!')%3C/script%3E%3C%22

Gerald

> However if I have a text field called guess, and pass the
> following line
>
> ?guess=%22%3E%3Cscript%3Ealert('vorsichtfalle!')%3C/script%3E%3C%22
>
> The alert will appear - how can I disable this behavior, but
> keep the normal fdat form population ?