On 5/20/2015 12:56 PM, Stephan Beal wrote:
> On Wed, May 20, 2015 at 7:45 PM, Andy Goth <andrew.m.g...@gmail.com> wrote:
>> so &quot; is not needed in them either.  But what is needed is for
>> literal single quotes to be rendered as &#39;, or else they will confuse
>> the browser and open Fossil to injection attacks.
> 
> Of what kind?
> 
> (please excuse brevity - left hand is currently bandaged)

The linked article gives examples.  Repeating:

http://wonko.com/post/html-escaping

-- 
Andy Goth | <andrew.m.goth/at/gmail/dot/com>
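
Added example, not part of the original message and not Fossil's code: a minimal C escaper showing the single-quote point from the quoted text, assuming the value is placed in an attribute delimited by single quotes. The function names and the sample string are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape text for an HTML attribute value. With escape_squote == 0 the
 * single quote passes through unchanged (the gap described in the thread).
 * Returns the number of bytes written, or -1 if out is too small. */
static int html_escape(const char *in, char *out, size_t outsz, int escape_squote)
{
    size_t n = 0;
    for (; *in; in++) {
        const char *rep = NULL;
        size_t len;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': if (escape_squote) rep = "&#39;"; break;
        default:   break;
        }
        len = rep ? strlen(rep) : 1;
        if (n + len >= outsz) return -1;      /* keep room for the NUL */
        if (rep) memcpy(out + n, rep, len); else out[n] = *in;
        n += len;
    }
    if (outsz == 0) return -1;
    out[n] = '\0';
    return (int)n;
}

/* 1 if the escaped text has no raw ' left, so title='TEXT' is parsed as a
 * single attribute value; 0 if the value would end at the stray quote. */
static int stays_inside_single_quotes(const char *escaped)
{
    return strchr(escaped, '\'') == NULL;
}

int main(void)
{
    const char *sample = "O'Brien & co";   /* constructed sample input */
    char buf[64];
    for (int fix = 0; fix <= 1; fix++) {
        if (html_escape(sample, buf, sizeof buf, fix) < 0) return 1;
        printf("<a title='%s'>  contained=%d\n", buf, stays_inside_single_quotes(buf));
    }
    return 0;
}
```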


_______________________________________________
fossil-dev mailing list
fossil-dev@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev
