On Nov 15, 2009, at 11:34 PM, Mike Williams wrote:

> There doesn't seem to be a webserver at that URL, so I can't see what
> you're doing wrong.
I just tried the link and it went (eventually). Either he fixed it, or the server is just slow. Anyhow, clicking on the markers in their current form displays the following:

    <html><body><b>some random text< >< ody><html>

Your display problems aside, the html you're trying to use at the moment is pretty clearly broken. It looks like maybe you forgot to escape a / in your quoted strings in the php script outputting this stuff. /b means escape-b, whereas //b means '/' followed by 'b', which is what you want your resultant html to have.

With that in mind, what are your plans for when a user enters broken/invalid html as you have? If the user enters sufficiently broken html, it will break all of *your* html which follows.

MW definitely cut to the important issue: quite likely the best solution would be to treat user data as plain text. Doing otherwise provides the user with all sorts of injection attack vectors against your page, both malicious and unintentional.

That is to say, you've already executed a nearly-successful attack against your own page. Good thing it wasn't rendering your data as html! If you can't trust yourself, who *can* you trust? Surely not the internet at large. ;)
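
Added example, not part of the original message or of the poster's script: one way to treat user-entered marker text as plain text before it is placed in popup markup, compared with raw concatenation. The function names, the record fields and the wrapper markup are assumptions; the sample note is the broken fragment quoted above.

```javascript
// Added example: user-entered marker text handled as plain text.
// All names (escapeHtml, markerPopupHtml, record.title, record.note) are hypothetical.

// Replace the five characters that HTML treats as markup or attribute syntax.
function escapeHtml(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Hardened form: only the wrapper tags are ours; every user field is escaped.
function markerPopupHtml(record) {
  return '<div class="popup"><b>' + escapeHtml(record.title) + '</b><p>' +
    escapeHtml(record.note) + '</p></div>';
}

// 'Before' form: user fields are concatenated as markup, so stray or
// unclosed tags in the data become part of the page structure.
function unsafePopupHtml(record) {
  return '<div class="popup"><b>' + record.title + '</b><p>' +
    record.note + '</p></div>';
}

// Count things a browser would parse as tags. With escaping, only the
// six wrapper tags remain no matter what the user typed.
function tagCount(html) {
  return (html.match(/<\/?[a-z][^>]*>/gi) || []).length;
}

// Constructed sample record; the note is the fragment shown in the message.
const sample = {
  title: 'Marker 1',
  note: '<html><body><b>some random text< >< ody><html>',
};

console.log(markerPopupHtml(sample));
console.log('tags, escaped:', tagCount(markerPopupHtml(sample)));   // 6
console.log('tags, raw:    ', tagCount(unsafePopupHtml(sample)));   // 10
```

In the raw form the four extra tags are never closed, which is how user data ends up breaking the html that follows it.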
