Re: Security questions

2010-06-28 Thread Igor Vaynberg
On Wed, Jun 23, 2010 at 7:45 AM, danisevsky danisev...@gmail.com wrote:
> I would like to implement a guest book panel and I have two security questions.
>
> 1) Do I need a captcha when there will be only an ajax submit link? I think that
> robots can't submit a form through javascript.

should be ok


> 2) Users will write new comments in a Rich Text Editor (
> http://visural-wicket-examples.appspot.com/app/rich-text-editor Reduced
> Functionality Example)
> so I must setEscapeModelStrings(false) on the label which shows comments. Is
> this a big security issue?

not as long as you properly sanitize the code; if you don't, then
someone can submit script tags inside their comment and create an
XSS attack.

-igor
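
The sanitize-before-display step described in the reply above, as an added example that is not part of the thread or of Wicket itself. It assumes the OWASP Java HTML Sanitizer library (org.owasp.html) is on the classpath; the CommentSanitizer class, the commentLabel helper and the tag allowlist are illustrative assumptions.

```java
import org.apache.wicket.markup.html.basic.Label;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

/** Added example: allowlist sanitizing of guest book comments before unescaped rendering. */
public class CommentSanitizer {

    // Allowlist policy (assumed tag set for a reduced-functionality editor).
    // Anything not listed is dropped: script, style, iframe, on* handlers,
    // and link targets that are not http or https.
    private static final PolicyFactory POLICY = new HtmlPolicyBuilder()
            .allowElements("p", "br", "b", "i", "u", "strong", "em", "ul", "ol", "li", "a")
            .allowAttributes("href").onElements("a")
            .allowUrlProtocols("http", "https")
            .requireRelNofollowOnLinks()
            .toFactory();

    /** Returns markup that contains only allowlisted elements and attributes. */
    public static String sanitize(String untrustedHtml) {
        return untrustedHtml == null ? "" : POLICY.sanitize(untrustedHtml);
    }

    /** Hypothetical helper: builds the Wicket label that shows one comment. */
    public static Label commentLabel(String id, String untrustedHtml) {
        Label label = new Label(id, sanitize(untrustedHtml));
        // Escaping is turned off only for a string that has just passed the allowlist.
        label.setEscapeModelStrings(false);
        return label;
    }

    public static void main(String[] args) {
        // Constructed sample comments, not taken from the thread.
        String[] samples = {
            "<p>Nice site, <b>thanks</b>!</p>",
            "<p>hello</p><script>alert(1)</script>",
            "<a href=\"javascript:alert(1)\">click</a>",
            "<b onmouseover=\"alert(1)\">bold</b>"
        };
        for (String s : samples) {
            System.out.println(s + "\n  -> " + sanitize(s));
        }
    }
}
```

Sanitizing at render time, as here, also covers comments that were stored before the policy existed; sanitizing again on submit keeps unsafe markup out of the database.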





Security questions

2010-06-23 Thread danisevsky
I would like to implement a guest book panel and I have two security questions.

1) Do I need a captcha when there will be only an ajax submit link? I think that
robots can't submit a form through javascript.

2) Users will write new comments in a Rich Text Editor (
http://visural-wicket-examples.appspot.com/app/rich-text-editor Reduced
Functionality Example)
so I must setEscapeModelStrings(false) on the label which shows comments. Is
this a big security issue?