I've got a website in which I want to allow the user some customization.
To prevent my site from injection, I use: {{=XML(markup,sanitize=True)}}
This works perfectly, except it doesn't allow the tags 'font' and 'span'.
I know I can override this default behaviour, but I want to know if I
expose my site to dangers if I allow the 'font' and 'span' tags.
Is there a good reason they are not exposed by default?
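An added example, not part of the original post and not web2py's own sanitizer code: a minimal stand-alone allowlist sanitizer illustrating that once tags such as 'span' and 'font' are permitted, the exposure is decided by which attributes are kept on them. The policy table, class and function names are assumptions made for illustration; here `style` and `on*` handlers are dropped because they are not listed.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy for this example: tag -> attributes that may be kept.
# 'span' and 'font' are allowed, but 'style' and event handlers are not
# listed for any tag, so they never reach the output.
ALLOWED = {
    "b": set(), "i": set(), "p": set(), "br": set(),
    "span": {"title"},
    "font": {"color", "size", "face"},
}

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # tag is dropped; any text inside is escaped and kept
        kept = "".join(
            ' %s="%s"' % (name, escape(value or "", quote=True))
            for name, value in attrs
            if name in ALLOWED[tag]
        )
        self.out.append("<%s%s>" % (tag, kept))

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        # Text is always re-escaped, so it cannot introduce new markup.
        self.out.append(escape(data, quote=False))

def sanitize(markup):
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)

# Constructed sample input, not taken from the post.
SAMPLE = '<span style="position:fixed" onclick="x()" title="hi">a</span>'

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Comments in the input are dropped because the parser's default comment handler emits nothing; unbalanced closing tags are not repaired by this sketch.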