| From: | "Martin Gainty" <mgainty(at)hotmail(dot)com> |
|---|---|
| To: | "Ian Barwick" <barwick(at)gmail(dot)com> |
| Cc: | "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com>, "pgsql-general" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: stripping HTML, SQL injections ... |
| Date: | 2007-11-15 00:37:09 |
| Message-ID: | BAY108-DAV128D3C01D5EBA83D7C944BAE820@phx.gbl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
this is a very simple html tag strip routine
I dont understand what security you had in mind ..
so I take it you're not a fan of dojo or GWT?
M--
----- Original Message -----
From: "Ian Barwick" <barwick(at)gmail(dot)com>
Cc: "Scott Marlowe" <scott(dot)marlowe(at)gmail(dot)com>; "pgsql-general"
<pgsql-general(at)postgresql(dot)org>
Sent: Wednesday, November 14, 2007 7:21 PM
Subject: Re: [GENERAL] stripping HTML, SQL injections ...
> Martin,
>
> 2000/11/15, Martin Gainty <mgainty(at)hotmail(dot)com>:
> > Scott-
> >
> > In JavaScript
> >
http://www.java2s.com/Tutorial/JavaScript/0520__Regular-Expressions/StripHTM
> > L.htm
>
> I don't remember what the consensus was back in 2000 (your mail's
> timestamp), but in 2007 it's Not A Good Idea to rely on client-side
> validation for security-related operations ;).
>
>
> Regards
>
> Ian Barwick
>
>
> --
> http://sql-info.de/index.html
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Reg Me Please | 2007-11-15 01:21:07 | Variable LIMIT and OFFSET in SELECTs |
| Previous Message | Ian Barwick | 2007-11-15 00:21:45 | Re: stripping HTML, SQL injections ... |