On 5/5/05, Eric Raymond <[EMAIL PROTECTED]> wrote:

> Here's one way to resolve the issue.  There are a handful of input
> methods in Flex that allow arbitrary input.  It would be a step in the
> right direction if (by default) these text input methods would strip
> out offending strings.  Ideally there would be a property on these
> components that would allow them to accept any input ... but by
> default they would be safe.  Alternatively there could be an
> application level setting that controlled for this.

It would be hard to define "offending strings".  The way this is
solved in the HTML world is, data is encoded at the output end.  For
example, if a 'title' and 'description' are being output in a web page,
the values for the 'title' and 'description' fields are HTML-encoded
before printing.  So basically the application treats data like data
(and prevents it from being treated like code) at the output end.

The other approach, of restricting input to a subset, is used when you
want users to be able to input some code (B, I, P tags in HTML, but
not "malicious" tags like SCRIPT, OBJECT, etc.) but only specific
types of code.
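
The two approaches described in the reply above, sketched in JavaScript as an added example that is not part of the original message: encoding 'title' and 'description' at the output end, and restricting input to a subset by encoding everything and re-enabling only bare B, I and P tags. The function names and sample values are assumptions made for illustration.

```javascript
// Added example; function names and sample values are constructed.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Output-end encoding: each character HTML treats as markup becomes an
// entity, so the browser displays the value as text instead of parsing it.
function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The stored record is kept as-is; encoding happens only where the values
// are written into markup.
function renderItem(item) {
  return `<h2>${htmlEncode(item.title)}</h2>` +
         `<p>${htmlEncode(item.description)}</p>`;
}

// Restricting input to a subset: encode everything first, then turn back
// only exact, attribute-free occurrences of the allowed tags. Anything not
// on the list (SCRIPT, OBJECT, a tag carrying attributes) stays encoded.
const ALLOWED_TAGS = ["b", "i", "p"];

function allowBasicFormatting(value) {
  const encoded = htmlEncode(value);
  const pattern = new RegExp(
    `&lt;(/?)(${ALLOWED_TAGS.join("|")})&gt;`, "gi");
  return encoded.replace(
    pattern, (_, slash, tag) => `<${slash}${tag.toLowerCase()}>`);
}

// Constructed sample input.
const sample = {
  title: 'Tom & "Jerry"',
  description: "<script>alert(1)</script>",
};
console.log(renderItem(sample));
console.log(allowBasicFormatting('<B>bold</B> <p onclick="x">para</p>'));
```

The allowlist function does not balance tags, so an unclosed `<b>` can still affect the formatting of the text that follows it on the page.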


 