I can't seem to find the specific example I was looking for, but I did find this when looking back in my database for one of the tests I did:
¼script¾alert(¢Another Test¢)¼/script¾ It didn't seem to cause a problem, though I don't know if that's because of some PHP or Apache setting; my fear is that what doesn't cause a program for my local setup might cause a problem when deployed on a server that is configured differently. I could have sworn I saw the above example at... http://ha.ckers.org/xss.html ...yesterday, but I can't seem to find it now. Incidentally, the site I linked above is supposedly referenced in that OWASP site you mentioned (in the appendix). I'll have to take a look at that site as well. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~----------~----~----~----~------~----~------~--~---