Mike McNally <emmecin...@...> writes:

>
> On Fri, Feb 6, 2009 at 8:49 AM, Newman, John W <newma...@...> wrote:
> > "it's a gross oversimplification to assume that the transformation to be applied to user data is to HTML escape it"
> >
> > Can you elaborate on this please?
> >
> > If I put <script> into a field and the app html escapes it when it's output on the next page, there's no issue. Where is the oversimplification?
>
> The problem with applying a filter that "fixes" input is that it makes
> the unwarranted assumption that the fix should involve the HTML
> syntax, and not SQL or Javascript or CSS or anything else that might
> be appropriate.

Thx a lot... I'll look twice at bean fields before using them in any way.
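
The point made in the quoted reply, as an added example that is not part of the original thread and is not Stripes code: the same user value is HTML-escaped once on input, then compared with storing it raw and encoding it for each output context. It uses Python's standard library for brevity; the sample value, table name and function names are assumptions made for the illustration.

```python
import html
import json
import sqlite3

# Constructed sample: a legitimate value with characters that are special in
# HTML (&), SQL (') and JavaScript string literals (\).
RAW = "O'Brien & Sons \\ Co"


def filter_on_input(value):
    """The approach questioned in the thread: HTML-escape once, on input."""
    return html.escape(value, quote=True)


def store_and_load(value):
    """SQL context: bind the value as a parameter; no escaping is involved."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (name TEXT)")  # hypothetical table
    db.execute("INSERT INTO customer (name) VALUES (?)", (value,))
    return db.execute("SELECT name FROM customer").fetchone()[0]


def for_html_text(value):
    """HTML element content or quoted attribute value."""
    return html.escape(value, quote=True)


def for_js_string(value):
    """JavaScript string literal placed inside a <script> block."""
    # json.dumps escapes quotes, backslashes and control characters; the extra
    # replacements stop "</script>" or "<!--" from ending the block early.
    literal = json.dumps(value)
    for ch in "<>&":
        literal = literal.replace(ch, "\\u%04x" % ord(ch))
    return literal


def compare(raw):
    """Return what each strategy stores and emits for the same input."""
    filtered = store_and_load(filter_on_input(raw))
    stored = store_and_load(raw)
    return {
        "filtered_stored": filtered,               # HTML entities in the database
        "filtered_html": for_html_text(filtered),  # double-encoded by the view
        "raw_stored": stored,                      # data kept as entered
        "raw_html": for_html_text(stored),
        "raw_js": for_js_string(stored),
    }
```

With the input filter, the database holds HTML entities and a view that also escapes shows them double-encoded; with raw storage, each output context gets its own encoding and the SQL layer needs none because the value is bound as a parameter.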
