on 11/8/2000 12:40 PM, "Chris Campbell" <[EMAIL PROTECTED]> wrote:
> When the Action gets loaded, the service resolves which rules get loaded to
> test which inputs, throwing an exception if there are any violations. The
> Action doesn't have to know about the rules at all, and if your boss suddenly
> wants an input field to be alpha-numeric instead of numeric, it's a
> configuration issue. The service could be applied to the nefarious javascript
> or sql input cases with appropriate rule classes.
>
> If anyone thinks this is a candidate for Turbine, we'd be happy to beef it up
> and contribute... any feedback would be appreciated either way.
Perfect. +1
Also, when doing the HTML input validation, it is better to come up with a
list of "valid" tags and then strip everything else out (i.e., the entire
<script> tags). Doing it the other way around turns into a security
nightmare. I have some code for this:
<http://joist.tigris.org/source/browse/joist/java/org/joist/util/TagValidator.java?rev=1.5&content-type=text/x-cvsweb-markup>
But it needs some major cleanup before it is integrated into Turbine.
-jon
--
http://scarab.tigris.org/ | http://noodle.tigris.org/
http://java.apache.org/ | http://java.apache.org/turbine/
http://www.working-dogs.com/ | http://jakarta.apache.org/velocity/
http://www.collab.net/ | http://www.sourcexchange.com/
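
The allowlist approach from the message above, as an added example that is not part of the original post and is not the joist TagValidator code. The class name, the tag list and the sample inputs are assumptions made for illustration, and this variant escapes disallowed markup instead of stripping it, so nothing outside the list can reach the browser as a tag.

```java
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AllowlistTagFilter {
    // Hypothetical allowlist: plain formatting tags only.
    private static final Set<String> ALLOWED = Set.of("b", "i", "em", "strong", "p", "br");

    // Matches only a bare tag: optional "/", a name, optional whitespace, optional "/".
    // A tag carrying attributes never matches, so it falls through to escaping.
    private static final Pattern BARE_TAG =
            Pattern.compile("<(/?)([A-Za-z][A-Za-z0-9]*)\\s*/?>");

    // Escape every HTML metacharacter; '&' must be replaced first.
    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static String filter(String input) {
        StringBuilder out = new StringBuilder();
        Matcher m = BARE_TAG.matcher(input);
        int last = 0;
        while (m.find()) {
            out.append(escape(input.substring(last, m.start())));
            String name = m.group(2).toLowerCase(Locale.ROOT);
            if (ALLOWED.contains(name)) {
                // Re-emit a canonical tag built from the allowlisted name,
                // never the raw text the user supplied.
                out.append('<').append(m.group(1)).append(name).append('>');
            } else {
                out.append(escape(m.group()));
            }
            last = m.end();
        }
        return out.append(escape(input.substring(last))).toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "<b>bold</b> and <script>alert(1)</script>",
            "<B onclick=\"x()\">hi</B>",
            "line<br/>break & <unknown>"
        };
        for (String s : samples) {
            System.out.println(filter(s));
        }
    }
}
```

The output can contain only `<name>` or `</name>` for names on the list; it does not balance tags, so unclosed formatting tags still have to be handled by the caller.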