Hi!

On 2007/09/06, at 21:09, Chuck Hill wrote:
The implementation of this precedes most of the technologies that can be used for hacks. :-)
Yes, but the world evolves! :) JavaScript is a dangerous playground.
Given how WO works on the server, the potential security problems are limited: links to spam sites, redirection to phishing sites. It is up to you to vet user input before injecting it into a page.

Also, for some of these strings it is useful to not escape the HTML. We would end up with

alt = ... escapeHTMLInAlt = false;
title = ... escapeHTMLInTitle = false;
Hum.... is there any situation where you *don't* want to escape a value to be used as an (X)HTML attribute? Doing that would render a grammatically incorrect (X)HTML file.
Yours

Miguel Arroz

Miguel Arroz
http://www.terminalapp.net
http://www.ipragma.com
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list ([email protected])
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com
This email sent to [EMAIL PROTECTED]
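The point about unescaped attribute values producing malformed (X)HTML, shown as an added example that is not part of the original message and is not WebObjects code. The class, the method names, the `escape` flag (standing in for a binding such as escapeHTMLInAlt) and the sample value are all assumptions made for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;

// Hypothetical demo class: plain Java, no WebObjects APIs are used.
public class AttributeEscapeDemo {

    // Escape the characters that can end or corrupt a quoted (X)HTML attribute value.
    static String escapeAttribute(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Render an <img> tag; 'escape' plays the role of a per-attribute escape switch.
    static String img(String alt, boolean escape) {
        String value = escape ? escapeAttribute(alt) : alt;
        return "<img src=\"logo.png\" alt=\"" + value + "\" />";
    }

    // True when an XML parser accepts the markup, i.e. it is well-formed XHTML syntax.
    static boolean isWellFormed(String markup) {
        try {
            DocumentBuilderFactory.newInstance().newDocumentBuilder()
                    .parse(new InputSource(new StringReader(markup)));
            return true;
        } catch (Exception e) {
            return false; // parse error: the attribute value broke the tag
        }
    }

    public static void main(String[] args) {
        String alt = "Tom & Jerry say \"hi\""; // constructed sample value
        for (boolean escape : new boolean[] { false, true }) {
            String tag = img(alt, escape);
            System.out.println("escape=" + escape + "  " + tag
                    + "  wellFormed=" + isWellFormed(tag));
        }
    }
}
```

With escaping off, the bare ampersand and the inner double quote are written into the tag as-is, so the quote closes the alt attribute early and the parser rejects the markup; with escaping on, the same text stays inside the attribute.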
