On Fri, Jul 24, 2009 at 6:26 PM, Bil Corry <b...@corry.biz> wrote:
> That's a classic XSS vulnerability. The backend developer must know if there
> are quotes or not in the template, then encode/sanitize the value accordingly.
It's not XSS if the values are statically provided by the first developer and aren't generated from user input.
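
The point in the quoted message, that the correct encoding depends on whether the template quotes the attribute, shown as an added example that is not part of the original thread. The function names, the `{{v}}` placeholder and the sample value are constructed for illustration.

```javascript
// Added example (not from the thread). All names here are hypothetical.

// Enough only when the template wraps the value in quotes: attr="VALUE"
function encodeQuotedAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// For attr=VALUE (no quotes): whitespace and '=' also end or split the value,
// so every non-alphanumeric character becomes a numeric character reference.
function encodeUnquotedAttr(value) {
  let out = "";
  for (const ch of String(value)) {
    out += /^[A-Za-z0-9]$/.test(ch)
      ? ch
      : "&#x" + ch.codePointAt(0).toString(16).toUpperCase() + ";";
  }
  return out;
}

// Fill the template's {{v}} slot with the encoded value.
function render(template, encoder, value) {
  return template.replace("{{v}}", () => encoder(value));
}

// Simplified start-tag tokenizer: lists the attribute names a parser would see.
function attributeNames(startTag) {
  const body = startTag.replace(/^<\w+/, "").replace(/>$/, "");
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?/g;
  const names = [];
  let m;
  while ((m = re.exec(body)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Constructed sample: no quotes or angle brackets, yet it splits an unquoted attribute.
const SAMPLE = "blue title=injected";
const UNQUOTED = "<div class={{v}}>";
const QUOTED = '<div class="{{v}}">';

console.log(attributeNames(render(UNQUOTED, encodeQuotedAttr, SAMPLE)));   // wrong encoder for this context
console.log(attributeNames(render(UNQUOTED, encodeUnquotedAttr, SAMPLE))); // encoder matches context
console.log(attributeNames(render(QUOTED, encodeQuotedAttr, SAMPLE)));     // encoder matches context
```

Encoding only keeps the value inside its attribute; it does not make a value safe in attributes that are themselves interpreted as script or as a URL.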