You are the only one choosing how much security would matter to you and 
your app. In this case, you are permitting anything to be injected in your 
page. If you trust your users at that level, please do. As soon as you get 
an annoyed user, your site will be screwed but hey, you were the trusting 
one in the first place.... 

On Wednesday, September 10, 2014 5:57:21 PM UTC+2, Yousif Iyad Shaban wrote:
>
> If I was to enable HTML in posts using:
>  {{=XML(post.body)}}
>
> and disable registration entirely using:
> auth.settings.actions_disabled.append('register') 
>
> Would that be enough to remove security concerns about injections from the 
> outside?
>
>
> And as a side note, thank you guys for this great framework!
>
