Chris Kimpton wrote:
> We were just testing our site and someone found that they could put javascript code
>into our tables - which was then processed upon re-displaying the data!
>
> My first thoughts to handle this are to do a replace of chars like < and > with the
> HTML printable versions - &lt; &gt;.
>
> So - anyone handled this before - does this seem like the best solution? And anyone
>got a utility for it? I can't see any obvious solutions in Turbine/JSDK/JDK.
>
> If not, I could code it and contribute it back to turbine - as a stringutil or
>parameter parsers method.
>
> It would take a string and replace the few special chars with their encoded
> versions, for example < becomes &lt;
Seems like a great idea, everyone encounters this problem once in a
while...
Rafal
--
Rafal Krzewski
Senior Internet Developer
mailto:[EMAIL PROTECTED]
+48 22 8534830 http://e-point.pl
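
The string utility proposed in the quoted message could look like the sketch below. It is an added example, not code from this thread or from Turbine; the class name `HtmlEscape` and method `escape` are hypothetical. It goes slightly beyond the `<` and `>` mentioned above by also encoding `&` and both quote characters, so the result is safe inside quoted attribute values as well as element content.

```java
public final class HtmlEscape {          // hypothetical name, not a Turbine class
    private HtmlEscape() {}

    /**
     * Encodes text for HTML element content and quoted attribute values.
     * A single pass over the input means '&' is encoded exactly once and
     * the entities produced here are never re-encoded by a later replace.
     */
    public static String escape(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, as they might come back from a database row.
        String[] stored = {
            "<script>alert(1)</script>",
            "Tom & Jerry",
            "a \"quoted\" value",
            "already &lt; encoded"
        };
        for (String s : stored) {
            // The same encoding is applied in the attribute and in the cell body.
            System.out.println("<td title=\"" + escape(s) + "\">" + escape(s) + "</td>");
        }
    }
}
```

Call the method when the value is written into the page rather than when it is stored, so the database keeps the original text. The last sample shows why: input that is already encoded gets encoded again, which is correct at display time but corrupts data if applied on every save.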