On 27 October 2010 12:21, <ben.robb...@jlta.com.au> wrote:

>  <Rant>
> I just ran into the following text on the Westpac Altitude Rewards web
> site. I am amazed that in this day and age the developers and/or
> designers for a banking-related web site have just *given up* and are
> forcing their customers to clean their data.
>
> Note that if your message does include any of the characters you get an
> 'input error' feedback but you still have to find the offending characters
> and clean it yourself. Unbelievable!
>
> </Rant>
>
>
> did you really name your son - Robert');DROP TABLE students;    ?

I think they've swung to the other extreme - rather than escape their input,
they are just blocking it.


<rant> continued.
Using netbank with the Chrome block script[1] can be a moderately horrible
exercise.  They seem to use a lot of different domain names throughout
netbank, all of which need to get added to the Chrome 'allow this name to
run scripts' list.  Seems irresponsible of banks to want us to run scripts
for all sites with a blacklist, when it's actually safer to run no scripts
except for a whitelist.
</rant>

<rant2>
There's a lot of forum software that will blithely drop stuff it finds in
angle brackets (like our rant stuff here) - if you want it to display,
you've got to HTML-escape it manually  &lt; &gt;  - often, use of HTML links
will force you into moderation, but entering an HTML-escaped link will
actually allow it through.
</rant2>


-- 
Meski

"Going to Starbucks for coffee is like going to prison for sex. Sure, you'll
get it, but it's going to be rough" - Adam Hills
