Hi,

We were just testing our site and someone found that they could put JavaScript code 
into our tables - which was then processed upon re-displaying the data!

My first thoughts to handle this are to do a replace of chars like < and > with the 
HTML printable versions - &lt; &gt;.

So - anyone handled this before - does this seem like the best solution?  And anyone 
got a utility for it?  I can't see any obvious solutions in Turbine/JSDK/JDK.


If not, I could code it and contribute it back to turbine - as a stringutil or 
parameter parsers method.

It would take a string and replace the few special chars with their encoded versions, 
for example < becomes &lt;

Thanks,
Chris
---
"surely it is madness to accept life as it is and not as it could be"