On 06-01-2009 at 11:46:58 Alister Cameron <alister.came...@cameroncreative.com> wrote:
> Excuse my ignorance, Kornel. Can you elaborate on what you mean by "not secure"? I use structure a fair bit to return, say, a fully formatted anchor tag. That DOES have the < character in it.
Sorry, I wasn't clear. I had in mind a "<" character that is not supposed to be part of the markup.
> How is this not secure?
If you've ensured that it's well-formed and all user-supplied data in it has been filtered/escaped properly, then it is secure.
My point is that where the structure keyword is used, PHPTAL will blindly pass through anything, so securing output becomes your responsibility.

--
regards, Kornel
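
An added example, not part of the original message or of PHPTAL itself: one way to build the anchor tag discussed above so that it is safe to output through the structure keyword. The helper name safe_anchor, the scheme allowlist and the sample values are assumptions made for illustration.

```php
<?php
// Added example: helper name and sample values are constructed for illustration.

/**
 * Build an anchor tag that is safe to hand to a template through the
 * structure keyword (e.g. tal:content="structure link"), where PHPTAL
 * passes the string through without escaping it.
 */
function safe_anchor(string $url, string $label): string
{
    // Allowlist the URL scheme. Anything else, including relative URLs
    // and script-bearing schemes, is replaced with a harmless "#".
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https', 'mailto'], true)) {
        $url = '#';
    }

    // Escape the attribute value and the text node separately.
    // ENT_QUOTES covers both quote styles, so the value cannot
    // terminate href="..." early.
    $href = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    $text = htmlspecialchars($label, ENT_QUOTES, 'UTF-8');

    // The only "<" and ">" left in the result are the ones written here.
    return '<a href="' . $href . '">' . $text . '</a>';
}

// Constructed sample input standing in for user-supplied data.
$samples = [
    ['http://example.com/?a=1&b=2', 'Tom & Jerry <fans>'],
    ['javascript:alert(1)', 'click "here"'],
];

foreach ($samples as [$url, $label]) {
    echo safe_anchor($url, $label), "\n";
}
```

Without the structure keyword PHPTAL escapes the value itself, so a helper like this is only needed for strings that are meant to carry markup.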