Well, that's something you need to manage depending on what the textarea saves and when the same data gets retrieved. Security-wise, the .serialize() method of jQuery should percent-encode all the content, so, e.g., even if there is some JavaScript typed into the textarea the POST would not break anything. From there onwards, what you do with the textarea value needs to be managed accordingly.

On Tuesday, February 26, 2013 4:15:52 PM UTC+1, Kostas M wrote:
>
> Niphlod thank you very much for your reply.
>
> I implemented the 2nd option you mentioned, using jQuery to add a textarea in the <form> tags. In the controller, I use the request.vars.textareaname to retrieve the contents of the textarea and then I insert them into the proper table. Just a thought: Are the request.vars.textareaname contents sanitized or should I take some extra measures?
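
An added example, not part of the original thread and not web2py code: using only the Python standard library, it shows that the percent-encoding applied to a serialized form is undone when the server parses the POST body, so the value the controller reads is the raw typed text and has to be handled at the insert and again at output. The field name comes from the thread; the sample text, the `notes` table and all helper functions are constructed for illustration, with `sqlite3` and `html.escape` standing in for whatever database and template layers the application uses.

```python
import html
import sqlite3
from urllib.parse import parse_qs, urlencode

# Constructed sample: text a user might type into the textarea.
TYPED = "<script>alert(1)</script> O'Brien & co"


def simulate_post(value, field="textareaname"):
    """Body as a form serializer sends it (application/x-www-form-urlencoded)."""
    return urlencode({field: value})


def server_receive(body, field="textareaname"):
    """Stand-in for reading request.vars.<field>: parsing decodes the body."""
    return parse_qs(body, keep_blank_values=True)[field][0]


def store(conn, text):
    """Insert with a bound parameter so quotes in the text cannot alter the SQL."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS notes (id INTEGER PRIMARY KEY, body TEXT)"
    )
    cur = conn.execute("INSERT INTO notes (body) VALUES (?)", (text,))
    return cur.lastrowid


def render(conn, row_id):
    """Escape at output time, when the stored text is placed into HTML."""
    row = conn.execute("SELECT body FROM notes WHERE id = ?", (row_id,)).fetchone()
    return "<p>" + html.escape(row[0]) + "</p>"


def demo():
    body = simulate_post(TYPED)            # percent-encoded on the wire
    received = server_receive(body)        # raw text again on the server
    conn = sqlite3.connect(":memory:")
    row_id = store(conn, received)         # stored verbatim, safely bound
    return body, received, render(conn, row_id)


if __name__ == "__main__":
    for part in demo():
        print(part)
```

The percent-encoding only protects the request format in transit; the stored value is byte-for-byte what was typed, and it becomes inert only because the insert binds it as a parameter and the render step escapes it.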

