On Wed, Jun 23, 2010 at 7:45 AM, danisevsky <danisev...@gmail.com> wrote:
> I would like to implement a guest book panel and I have two security questions.
>
> 1) Do I need a captcha when there will be only an ajax submit link? I think that
> robots can't submit a form through javascript.

should be ok

> 2) Users will write new comments in a Rich Text Editor (
> http://visural-wicket-examples.appspot.com/app/rich-text-editor Reduced
> Functionality Example)
> so I must setEscapeModelStrings(false) on the label which shows comments. Is
> this a big security issue?

not as long as you properly sanitize the code; if you don't, then someone can submit <script> tags inside their comment and create an xss attack.

-igor
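
One way to do the sanitizing step the reply calls for, shown as an added example that is not part of the original thread or of Wicket itself: the comment HTML passes through an allow-list sanitizer every time it is rendered, and only that output reaches the label with escaping turned off. It assumes the jsoup library (1.14.2 or later, for `Safelist`) as the sanitizer; the `CommentPanel` class, the `body` component id and the list of allowed tags are hypothetical.

```java
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.panel.Panel;
import org.apache.wicket.model.IModel;
import org.apache.wicket.model.LoadableDetachableModel;
import org.jsoup.Jsoup;
import org.jsoup.safety.Safelist;

/** Hypothetical guest book panel that renders one user comment as rich text. */
public class CommentPanel extends Panel {

    // Allow-list of formatting tags (assumed to match what the reduced editor emits).
    // No attributes are allowed, so onclick=, style= and javascript: URLs are all dropped.
    private static final Safelist ALLOWED = Safelist.none()
            .addTags("p", "br", "b", "i", "u", "strong", "em", "ul", "ol", "li");

    /** Returns the comment with every element and attribute not on the allow-list removed. */
    static String sanitize(String untrustedHtml) {
        return untrustedHtml == null ? "" : Jsoup.clean(untrustedHtml, ALLOWED);
    }

    public CommentPanel(String id, final IModel<String> rawComment) {
        super(id);

        // Sanitize at render time, not only on submit: rows stored before the
        // sanitizer existed, or written by another code path, are still cleaned.
        IModel<String> safeComment = new LoadableDetachableModel<String>() {
            @Override
            protected String load() {
                return sanitize(rawComment.getObject());
            }
        };

        // Escaping is disabled only for a model whose value has been sanitized.
        Label body = new Label("body", safeComment);
        body.setEscapeModelStrings(false);
        add(body);
    }
}
```

The rich text editor runs in the browser, so whatever restrictions it applies do not count as sanitizing; the server-side allow-list is the control that matters.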