On Wed, 11 Apr 2007, Andreas Falch wrote: > I've been using HTML::Mason quite a while and would like to be enlightened > on cross-site scripting best practices. There is an example on a argument > filtering plugin HTML::Mason::Plugin::PreventCrossSiteScripting at: > > http://www.masonhq.com/?SamplePlugins > > This post says that this is a wrong approach: > > http://marc.info/?l=mason&m=115477961103781&w=2 > > In what way is this wrong and what can be done to correct it?
I think the person saying it was wrong was implying that a better approach is to use a real HTML parser to remove unwanted tags. Take a look at a module like HTML::Scrubber. -dave /*=================================================== VegGuide.Org www.BookIRead.com Your guide to all that's veg. My book blog ===================================================*/ ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Mason-users mailing list Mason-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/mason-users
