>>> slb <[EMAIL PROTECTED]> 20/03/00 17:10:12 >>>
>I hope I won't expose myself as a re-treaded CGI
>programmer here but - shouldn't input parameters
>you get through request.getParmater()
>be sanitized to remove non-text characters before you
>put them back out through JSP pages or other servlets,
>etc?
Nope. It's all supposed to be done by the container (ie: the spec
requires that the parameters have been "sanitized" as you put it).
Nic Ferrier
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
