On 19 March 2010 09:54, silky <[email protected]> wrote:
> RequestValidation. Reasonable programmers should turn it off and -
> indeed - do everything on *output*, but the few who are able to create
> websites without understanding anything; maybe this helps them.

It'd be more helpful if they provided some wrappers for output similar to struts and made the developers use that so they understand what they're doing. Possibly a better model might have been to escape everything that goes out of the response object by default + provide a tag library that covers 99% of normal use cases. Then if people need to write out something unsafe (e.g. you're writing a CMS or similar) then you can pass in an argument to the response object along the lines of "OUTPUT_UNSAFE_HTML" ... might make people stop and think.

Unfortunately, that would not make for a good drag-and-drop demo presentation.

--
David Connors ([email protected])
Software Engineer
Codify Pty Ltd - www.codify.com
Phone: +61 (7) 3210 6268 | Facsimile: +61 (7) 3210 6269 | Mobile: +61 417 189 363
V-Card: https://www.codify.com/cards/davidconnors
Address Info: https://www.codify.com/contact
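
The escape-by-default model sketched in the message above, as an added C# example that is not from the original post or from ASP.NET itself. `SafeResponse`, `OutputMode` and `WriteLink` are hypothetical names; only the `OUTPUT_UNSAFE_HTML` flag name is taken from the message.

```csharp
using System;
using System.IO;
using System.Net;

// Hypothetical types for illustration; none of this is an ASP.NET API.
public enum OutputMode { Escaped, OUTPUT_UNSAFE_HTML }

public sealed class SafeResponse
{
    private readonly TextWriter _inner;

    public SafeResponse(TextWriter inner)
    {
        if (inner == null) throw new ArgumentNullException("inner");
        _inner = inner;
    }

    // Default path: every value is HTML-encoded before it reaches the page.
    public void Write(string value) { Write(value, OutputMode.Escaped); }

    // Raw markup is written only when the caller names the unsafe mode.
    public void Write(string value, OutputMode mode)
    {
        if (value == null) return;
        _inner.Write(mode == OutputMode.OUTPUT_UNSAFE_HTML ? value : WebUtility.HtmlEncode(value));
    }

    // Tag-library style helper: fixed markup, encoded data, http/https links only.
    public void WriteLink(string href, string text)
    {
        Uri uri;
        bool ok = Uri.TryCreate(href, UriKind.Absolute, out uri)
            && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps);
        _inner.Write("<a href=\"{0}\">{1}</a>",
            WebUtility.HtmlEncode(ok ? uri.AbsoluteUri : "#"), WebUtility.HtmlEncode(text));
    }
}

public static class Demo
{
    public static void Main()
    {
        var page = new StringWriter();
        var response = new SafeResponse(page);
        response.Write("<script>alert(1)</script>");               // constructed input, encoded
        response.WriteLink("javascript:alert(1)", "profile");       // constructed input, href becomes "#"
        response.Write("<hr>", OutputMode.OUTPUT_UNSAFE_HTML);     // deliberate raw markup
        Console.WriteLine(page.ToString());
    }
}
```

Every raw write is then findable in code review by searching for the flag name.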
