I have a set of ContextTools with static methods to do the
encoding/decoding used generally in templates or in the HTML/URL
handling Java code. I will send a proposal later today with the
summary of the files/methods (and whom to send the attachment files
to ingest into CVS).
:) Christoph
Chris Kimpton wrote:
>
> Hi,
>
> We were just testing our site and someone found that they could put JavaScript code
> into our tables - which was then processed upon re-displaying the data!
>
> My first thoughts to handle this are to do a replace of chars like < and > with the
> HTML printable versions - &lt; &gt;.
>
> So - anyone handled this before - does this seem like the best solution? And anyone
> got a utility for it? I can't see any obvious solutions in Turbine/JSDK/JDK.
>
> If not, I could code it and contribute it back to turbine - as a stringutil or
> parameter parsers method.
>
> It would take a string and replace the few special chars with their encoded
> versions, for example < becomes &lt;
>
> Thanks,
> Chris
> ---
> "surely it is madness to accept life as it is and not as it could be"
>
> ------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
> Problems?: [EMAIL PROTECTED]
--
==============================================================
Deutsches Zentrum fuer Luft- und Raumfahrt (DLR)
Deutsches Fernerkundungs Datenzentrum (DFD)
DLR-DFD, Muenchner Strasse 20, D-82234 Wessling, Germany
============= Currently relocated to ESA-ESRIN ===============
ESA ESRIN Tel: +39 06 941 80 589
c/o Christoph Reck (DLR) Fax: +39 06 941 80 512
Via Galileo Galilei mailto:[EMAIL PROTECTED]
I-00044 Frascati (Roma) http://www.dfd.dlr.de
==============================================================
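
The encoding discussed in this thread, as an added example that is not part of either message and is not Turbine code. The class name HtmlEscape and the method escape are hypothetical; the sample input is constructed. It goes slightly beyond < and > by also encoding &, " and ', so the result stays inert inside quoted attribute values as well as in table cells.

```java
// Added example: hypothetical utility, not part of Turbine/JSDK/JDK.
public final class HtmlEscape {
    private HtmlEscape() {}

    /**
     * Encodes the characters that are significant in HTML text and in
     * quoted attribute values. Intended to be called when writing output.
     */
    public static String escape(String input) {
        if (input == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                // '&' must be encoded too, otherwise stored text such as
                // "&lt;" would be displayed as "<" instead of literally.
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample of user input stored in a table and re-displayed.
        String stored = "<script>alert(\"hi\")</script> Tom & Jerry's";
        System.out.println("<td>" + escape(stored) + "</td>");

        // Input that already looks encoded is treated as plain text.
        System.out.println("<td>" + escape("&lt;b&gt;") + "</td>");
    }
}
```

Applying the encoding at display time, rather than when the data is saved, keeps the stored value unchanged for non-HTML uses.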