Re: [Cheetahtemplate-discuss] Security hole in Cheetah?
From: Shannon -jj B. <jj...@gm...> - 2005-04-28 05:39:14
Crud. I had forgotten all about that because I so often call other methods, etc. I usually just pass things through Aquarium's $htmlent($value), for which I've received a lot of heat from "more forgetful" programmers :-/

-jj

On 4/27/05, ms...@oz... <ms...@oz...> wrote:
> JJ wrote:
> > Interesting. Notice that when you say $myfield, you're not HTML
> > escaping it. Hence, it's open to the cross-site scripting
> > vulnerabilities, unless I'm missing something :-/
>
> Brian can try:
>
> #filter WebSafe

--
I have decided to switch to Gmail, but messages to my Yahoo account will still get through.
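The following is an added example, not code from this thread, from Cheetah or from Aquarium. It is a toy $name placeholder renderer in plain Python (so it runs without Cheetah installed) that contrasts the two behaviours discussed above: interpolating $myfield verbatim, versus escaping every interpolated value once on output, which is what a template-wide directive like #filter WebSafe is for and why it beats remembering to call $htmlent($value) at each site. The escaping here is the standard library's html.escape, not Cheetah's own WebSafe filter, and the templates and attacker-controlled values are constructed for the demonstration. It goes one step beyond the thread by also covering a quoted-attribute context, where the quote characters have to be escaped as well.

```python
import html
import re

# $name placeholders, the same surface syntax Cheetah uses; the renderer itself
# is a toy stand-in for the demonstration, not Cheetah.
PLACEHOLDER = re.compile(r"\$(\w+)")

# Constructed attacker-controlled field values (not taken from the thread).
SCRIPT_PAYLOAD = '<script>alert("xss")</script>'       # lands in a text node
ATTRIBUTE_PAYLOAD = '" autofocus onfocus="alert(1)'    # lands inside value="..."

TEXT_TEMPLATE = "<p>Hello, $myfield</p>"
ATTRIBUTE_TEMPLATE = '<input value="$myfield">'


def render_unfiltered(template: str, values: dict) -> str:
    """Interpolate $name verbatim: the unescaped $myfield the thread warns about."""
    return PLACEHOLDER.sub(lambda m: str(values[m.group(1)]), template)


def render_websafe(template: str, values: dict) -> str:
    """Interpolate $name through an HTML-escaping filter applied to every value.

    Mirrors the intent of a template-wide '#filter WebSafe': escaping happens
    once, on output, so no individual call site can forget it. The filter used
    here is html.escape with quote=True, which also turns '"' and "'" into
    entities; that is what stops a value from closing a quoted attribute.
    """
    return PLACEHOLDER.sub(
        lambda m: html.escape(str(values[m.group(1)]), quote=True), template
    )


def demo() -> dict:
    """Render both templates both ways; returns a dict keyed by context/mode."""
    return {
        "text/unfiltered": render_unfiltered(TEXT_TEMPLATE, {"myfield": SCRIPT_PAYLOAD}),
        "text/websafe": render_websafe(TEXT_TEMPLATE, {"myfield": SCRIPT_PAYLOAD}),
        "attr/unfiltered": render_unfiltered(ATTRIBUTE_TEMPLATE, {"myfield": ATTRIBUTE_PAYLOAD}),
        "attr/websafe": render_websafe(ATTRIBUTE_TEMPLATE, {"myfield": ATTRIBUTE_PAYLOAD}),
    }


if __name__ == "__main__":
    for label, out in demo().items():
        print(f"{label:16} {out}")
```

In the unfiltered text case the rendered page contains a live script element; in the unfiltered attribute case the payload closes the value attribute and adds an event handler without any angle brackets at all, which is why an escaper that only handles `<`, `>` and `&` is not enough wherever values are placed inside quoted attributes.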