Re: [SOLVED] WOImage escaping problem
- Subject: Re: [SOLVED] WOImage escaping problem
- From: Miguel Arroz <email@hidden>
- Date: Thu, 6 Sep 2007 21:28:48 +0100
Hi!
On 2007/09/06, at 21:09, Chuck Hill wrote:
> The implementation of this precedes most of the technologies that
> can be used for hacks. :-)

Yes, but the world evolves! :) JavaScript is a dangerous playground.

> Given how WO works on the server, the potential security problems
> are limited: links to spam sites, redirection to phishing sites.
> It is up to you to vet user input before injecting it into a page.
> Also, for some of these strings it is useful to not escape the
> HTML. We would end up with
>
> alt = ...
> escapeHTMLInAlt = false;
> title = ...
> escapeHTMLInTitle = false;

Hum.... is there any situation where you *don't* want to escape a
value to be used as (X)HTML attribute? Doing that would render a
grammatically incorrect (X)HTML file.
Yours
Miguel Arroz
Miguel Arroz
http://www.terminalapp.net
http://www.ipragma.com
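
The point raised at the end of the message, as an added example (not code from this thread or from WebObjects): a stand-alone Java sketch that renders an `img` tag with and without attribute escaping and reads the attributes back. The class, the `renderImg` helper and its `escape` flag (standing in for the proposed `escapeHTMLInAlt` binding) are hypothetical names, and the sample `alt` text is constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ImgAttributeEscaping {
    // Escape the characters that cannot appear literally in a double-quoted (X)HTML attribute value.
    static String escapeAttribute(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical renderer: 'escape' plays the role of the escapeHTMLInAlt flag from the thread.
    static String renderImg(String src, String alt, boolean escape) {
        return "<img src=\"" + escapeAttribute(src) + "\" alt=\""
                + (escape ? escapeAttribute(alt) : alt) + "\" />";
    }

    // Simplified attribute reader (not a real HTML parser): collects name="value" pairs and bare names.
    static Map<String, String> parseAttributes(String tag) {
        Map<String, String> attrs = new LinkedHashMap<>();
        Matcher m = Pattern.compile("([A-Za-z][\\w-]*)(?:=\"([^\"]*)\")?").matcher(
                tag.substring(tag.indexOf(' ')));
        while (m.find()) {
            attrs.put(m.group(1), m.group(2) == null ? "" : m.group(2));
        }
        return attrs;
    }

    public static void main(String[] args) {
        String alt = "The \"Blue Room\" & garden";  // constructed sample value
        for (boolean escape : new boolean[] {false, true}) {
            String tag = renderImg("/img/room.png", alt, escape);
            System.out.println("escape=" + escape + "  " + tag);
            System.out.println("  parsed: " + parseAttributes(tag));
        }
    }
}
```

With `escape=false` the first quote inside the text closes the attribute, so `alt` is read back as `The ` and the remaining words appear as stray attribute names; with `escape=true` the tag carries exactly `src` and `alt`.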