I thought that Django forms had built-in security measures. I am using newforms and form.clean() as instructed, at least to the best of my knowledge. However, when I put this to the test, I was able to put <script> tags in it that were live in App Engine and could pop up alerts. And probably worse. I had to put an extra step in the Python code on the server, cgi.escape().
Besides that, I've been working on this web app most of the summer, but on Monday I have an interview for a real job (I hope!!), in which case I will put this in the public domain, but first I want to be sure there are no serious flaws in it. If you have a minute, please try http://rambletown.appspot.com which should bring you to the main page; just press one of the play buttons and a Google Maps mash-up should run automatically, drawing polygons and synchronized with a slide show. It has a built-in editor if you want to make your own routes, it can read public Picasa albums, and if they are geo-coded it will automatically make the route.

You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en
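The point behind the post is that a form's clean() step validates input but does not encode it for output; escaping has to happen where the value is rendered into HTML. The following is an added example, not the poster's code and not part of Django or App Engine: it uses only Python 3's html module (html.escape is the replacement for cgi.escape, which was removed in Python 3.8, and it escapes quotes by default). The sample input and the function names are constructed for illustration.

```python
import html

# Constructed sample input standing in for a value submitted through a form field.
SAMPLE_INPUT = '<script>alert(1)</script> <b onmouseover="x()">hi</b>'


def clean_route_name(value, max_len=80):
    """Validation step, in the spirit of a form's clean(): trims whitespace and
    enforces a length limit, but deliberately leaves markup untouched, which is
    why validation alone does not stop a stored <script> tag from rendering."""
    value = value.strip()
    if not value or len(value) > max_len:
        raise ValueError("route name must be 1..%d characters" % max_len)
    return value


def render_route_name(value):
    """Output-encoding step: escape at the point of rendering so that '<', '>',
    '&' and both quote characters become inert entities. Quotes matter too,
    because a value placed inside an attribute can otherwise break out of it."""
    return html.escape(value, quote=True)


def build_list_item(value):
    """Validate, then escape, then place the value in a fixed HTML template."""
    return "<li>%s</li>" % render_route_name(clean_route_name(value))


def contains_active_markup(rendered):
    """Defender's check on an escaped value: no raw '<' or '"' may remain,
    as either could start a tag or terminate an attribute."""
    return "<" in rendered or '"' in rendered


if __name__ == "__main__":
    print(build_list_item(SAMPLE_INPUT))
    print(build_list_item("Lake loop"))
```

The same escaping must be applied for every value that comes from a user and every place it is rendered; templating systems that auto-escape do this for you, and cgi.escape() by default does not escape quotes, so a value used inside an attribute needs the quote argument (or html.escape) as well.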
