Hi,

I have a field username in a form.

I save this field with something like:

[users]usrName:=_form{"name"}
Save record([users])

Now my customer (a town) has had a penetration test, and the folks who 
did it say there is a problem when somebody writes something like this in 
his username:

xxx"><script>alert('xss in user');</script>

Next time I open the user record, there is then a dialog with "xss in user".

What is an easy way to check for characters that are not allowed?

Grüße/regards
Norbert
        

Norbert Pfaff
Hammelstalstr. 52
67098 Bad Dürkheim

Fon:    06322 9108028
Skype:    npfaff
eMail: [email protected]
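
An added example, not part of the original post and not Active4D code: the two checks that address the pen-test finding, an allowlist on the submitted username and HTML encoding when the stored value is written back into the form. It is written in JavaScript only to show the logic; the function names, the 32-character limit and the allowed separator characters are assumptions.

```javascript
// Added illustration: validate on input, encode on output.
// Names and the username policy below are assumptions, not Active4D APIs.

// Allowlist: Unicode letters and digits plus a few separators, 1 to 32 characters.
// Anything else (quotes, angle brackets, spaces, ...) is rejected outright.
const USERNAME_RE = /^[\p{L}\p{N}._@-]{1,32}$/u;

function isValidUsername(name) {
  return typeof name === "string" && USERNAME_RE.test(name.normalize("NFC"));
}

// Characters that are significant in HTML text and in quoted attribute values.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode a stored value before it is written into a page. This is what stops
// the dialog from appearing, even for records saved before validation existed.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Render the edit field for a user record with the value safely encoded.
function renderUsernameField(storedName) {
  return `<input type="text" name="name" value="${escapeHtml(storedName)}">`;
}

// Constructed sample inputs; the last one is the string from the pen-test report.
const samples = [
  "npfaff",
  "Jürgen.Müller",
  "xxx\"><script>alert('xss in user');</script>",
];

for (const s of samples) {
  const verdict = isValidUsername(s) ? "accept" : "reject";
  console.log(verdict, "|", renderUsernameField(s));
}
```

The allowlist alone is not enough, because other fields may legitimately need characters such as quotes or angle brackets; encoding at output time covers those as well.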



_______________________________________________
Active4D-dev mailing list
[email protected]
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/