[CK-Ledger-users] phpgw/ck-erp validation against "<..>"
From: C K Wu <ck...@ch...> - 2004-08-11 02:05:34
Hi, folks,

I am contemplating adding input validation against "...<..>..." within the CK-ERP environment to minimize the risk of cross-site scripting. However, I am mindful of the following situation:

page request -> phpgwapi (requiring <..>) -> ck-erp modules (rejecting request because of embedded <..>) -> [in case of normal exit] phpgwapi (requiring <..>)

Would this happen in real operation? If so, is it a rare occasion that I can handle as special cases?

Any suggestions or comments welcomed.

Cheers,
CK