Re: stripping HTML, SQL injections ...

From: Ottavio Campana <ottavio(at)campana(dot)vi(dot)it>
To: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
Cc: Martin Gainty <mgainty(at)hotmail(dot)com>, Ian Barwick <barwick(at)gmail(dot)com>, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>, pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: stripping HTML, SQL injections ...
Date: 2007-11-15 09:12:27
Message-ID: 473C0D7B.40606@campana.vi.it
Lists: pgsql-general

Alvaro Herrera wrote:
> Martin Gainty wrote:
>> this is a very simple html tag strip routine
>> I don't understand what security you had in mind ..
>>
>> so I take it you're not a fan of dojo or GWT?
>
> Let's say the user disables javascript on the browser?

Or, more easily, an attacker can use the Firefox Web Developer toolbar to
manipulate form data...

--
There is no more strength in normality, there is only monotony.
