simon
On Wednesday, February 12, 2003, at 12:39 PM, Tod Harter wrote:
As for the way they deal with object model binding and such, I'm not really
sure that it makes a lot of sense. My experience, which parlty comes out of
being on the OWASP input filtering project, was that a seperate XSP taglib
that lets you specify 'assertions' about input is better. I have a simple one
(pitifully simple, but I'd be happy to have some people comment on it) which
does this. So for input validation you just have XSP tags like
<assert:numeric><param:mynumberonlyfield/></assert:numeric>
which returns either its input, or throws an assertion error. Other tags do
similar things, and you can easily build tags that do transforms as well
(thus I have one that strips tags from input, etc.).
--- www.simonwoodside.com <http://ThisURLEnablesEmailToGetThroughOverzealousSpamFilters.org>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]