On 24 January 2012 06:59, Daniel Friesen <[email protected]> wrote:
..
> Don't delude yourself into thinking that you can easily blacklist the
> elements that would run a script.
> http://ha.ckers.org/xss.html
>
What about using textNodes?
http://stackoverflow.com/questions/476821/is-a-dom-text-node-guaranteed-to-not-be-interpreted-as-html

--
--
ℱin del ℳensaje.
