On 06-01-2009 at 11:46:58 Alister Cameron <alister.came...@cameroncreative.com> 
wrote:

> Excuse my ignorance, Kornel.
> Can you elaborate on what you mean by "not secure"?
>
> I use structure a fair bit to return, say, a fully formatted anchor tag.
> That DOES have the < character in it.

Sorry, I wasn't clear. I had in mind a "<" character that is not supposed to be
part of the markup.

> How is this not secure?

If you've ensured that it's well-formed and all user-supplied data in it has been filtered/escaped properly, then it is secure.
My point is that where the structure keyword is used, PHPTAL will blindly pass through
anything, so securing output becomes your responsibility.

--
regards, Kornel



_______________________________________________
PHPTAL mailing list
PHPTAL@lists.motion-twin.com
http://lists.motion-twin.com/mailman/listinfo/phptal
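
An added example, not part of the original thread and not PHPTAL's own code: one way to build the "fully formatted anchor tag" discussed above so that it is safe to emit through the structure keyword. The helper name safe_anchor, the template variable "link" and the sample values are assumptions made for illustration.

```php
<?php
// Hypothetical helper (not part of PHPTAL). The returned string is meant to be
// assigned to a template variable and emitted with the structure keyword, e.g.
//   <span tal:replace="structure link"/>
// PHPTAL does not escape that value, so every user-supplied part is escaped here.

function safe_anchor(string $url, string $label): string
{
    // HTML escaping alone does not neutralise a "javascript:" URL, so only
    // an allow-list of schemes is accepted. Relative or unparsable URLs have
    // no scheme and are also replaced; widen the policy if you need them.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https', 'mailto'], true)) {
        $url = '#';
    }

    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    // The markup (<a>, href, quotes) comes only from this trusted format
    // string; the data is escaped for attribute and text context.
    return sprintf(
        '<a href="%s">%s</a>',
        htmlspecialchars($url, $flags, 'UTF-8'),
        htmlspecialchars($label, $flags, 'UTF-8')
    );
}

// Constructed sample input: a label containing a "<" that is not markup.
$label = 'Prices < 10 & "sale" items';
$url   = 'http://example.com/list?max=10&sort=asc';

// Unescaped concatenation: the stray "<" and "&" make the fragment
// ill-formed, and structure would pass it through unchanged.
$unsafe = '<a href="' . $url . '">' . $label . '</a>';

// Escaped version: well-formed, suitable for structure output.
$safe = safe_anchor($url, $label);

echo $unsafe, "\n", $safe, "\n";

// A disallowed scheme is replaced rather than emitted.
echo safe_anchor('javascript:void(0)', 'click'), "\n";
```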
