On 5/20/2015 12:56 PM, Stephan Beal wrote:
> On Wed, May 20, 2015 at 7:45 PM, Andy Goth <andrew.m.g...@gmail.com> wrote:
>> so " is not needed in them either. But what is needed is for
>> literal single quotes to be rendered as ', or else they will confuse
>> the browser and open Fossil to injection attacks.
>
> Of what kind?
>
> (please excuse brevity - left hand is currently bandaged)
The linked article gives examples. Repeating: http://wonko.com/post/html-escaping

-- 
Andy Goth | <andrew.m.goth/at/gmail/dot/com>
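As an added illustration of the point Andy makes above (this is example code, not Fossil's own escaper and not from the linked article): an escaper that converts the five HTML-significant characters, including the single quote, so that text placed inside a single-quoted attribute cannot terminate the quoting. Function names are made up for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape text for insertion into HTML, including inside single- or
 * double-quoted attribute values. Caller frees the returned buffer.
 * Hypothetical helper written for this example. */
char *html_escape(const char *in) {
    if (!in) return NULL;
    size_t cap = strlen(in) * 6 + 1;  /* worst case: every byte becomes a 6-char entity */
    char *out = malloc(cap);
    if (!out) return NULL;
    char *p = out;
    for (; *in; in++) {
        const char *rep;
        switch (*in) {
            case '&':  rep = "&amp;";  break;
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#39;";  break;  /* the case raised in the thread */
            default:   *p++ = *in;     continue;
        }
        size_t n = strlen(rep);
        memcpy(p, rep, n);
        p += n;
    }
    *p = '\0';
    return out;
}

/* Render a value as a single-quoted title attribute. With the escaping
 * above, the only single quotes in the result are the two delimiters,
 * so a value such as "O'Brien" cannot end the attribute early. */
char *title_attr(const char *value) {
    char *esc = html_escape(value);
    if (!esc) return NULL;
    size_t len = strlen(esc) + 10;    /* "title='" + esc + "'" + NUL */
    char *out = malloc(len);
    if (out) snprintf(out, len, "title='%s'", esc);
    free(esc);
    return out;
}

/* Count single quotes in a string; a well-formed single-quoted attribute has exactly two. */
int count_single_quotes(const char *s) {
    int n = 0;
    for (; s && *s; s++) if (*s == '\'') n++;
    return n;
}
```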
_______________________________________________
fossil-dev mailing list
fossil-dev@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev