In your action you could run the text through the character filter in ECS.
This will replace the html elements as you mention.

> -----Original Message-----
> From: Chris Kimpton [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 08, 2000 6:04 AM
> To: turbine
> Subject: Handling javascript being entered into form fields...
> 
> 
> Hi,
> 
> We were just testing our site and someone found that they 
> could put javascript code into our tables - which was then 
> processed upon re-displaying the data!
> 
> My first thoughts to handle this are to do a replace of chars 
> like < and > with the HTML printable versions - &lt; &gt;.
> 
> So - anyone handled this before - does this seem like the 
> best solution?  And anyone got a utility for it?  I can't see 
> any obvious solutions in Turbine/JSDK/JDK.
> 
> 
> If not, I could code it and contribute it back to turbine - 
> as a stringutil or parameter parsers method.
> 
> It would take a string and replace the few special chars with 
> their encoded versions, for example < becomes &lt;
> 
> Thanks,
> Chris
> ---
> "surely it is madness to accept life as it is and not as it could be"
> 
> 
> ------------------------------------------------------------
> To subscribe:        [EMAIL PROTECTED]
> To unsubscribe:      [EMAIL PROTECTED]
> Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
> Problems?:           [EMAIL PROTECTED]
> 

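As an added example (not Turbine's or ECS's own code), here is a single-pass escaper of the kind Chris proposes for a stringutil method. It also covers & and both quote characters, which the message does not mention: an unescaped & makes later entity handling ambiguous, and an unescaped quote lets submitted text break out of an attribute value when the data is re-displayed.

```java
// Added example, not Turbine's or ECS's own code: a single-pass HTML escaper
// for text that is re-displayed inside a page. Working one character at a
// time avoids the ordering bug of chained replace() calls (escaping '<' to
// "&lt;" and then escaping '&' would turn it into "&amp;lt;").
public final class HtmlEscape {

    private HtmlEscape() {}

    /** Replaces the characters that have meaning in HTML with entities. */
    public static String escape(String input) {
        if (input == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break; // otherwise "&lt;" typed by a user is ambiguous
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break; // would close a double-quoted attribute
                case '\'': out.append("&#39;");  break; // would close a single-quoted attribute
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample of what someone might submit into a form field.
        String submitted = "<script>alert('x')</script> & \"done\"";
        System.out.println(escape(submitted));
    }
}
```

Apply it at output time, when the stored value is written into the page, so the database keeps the original text and every display path is covered.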