Hi,

I'm using the save(), saveField() and saveAll() model methods to save 
user data directly to the database.
On some sites I've read that CakePHP does things against XSS, but when 
I'm trying to save the standard example XSS string

<script type="text/javascript">alert("XSS");</script>

to the database it's saved as it is. So the alert box is shown when e.g. 
I just do a findAll() and print it out on a table.

Is there an easy way to solve this issue? Do I have to handle this in 
beforeSave? Or can it be done in $validate?


Marcel
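
Added example (not part of the post above and not CakePHP's own code): the behaviour described in the post, with the same rows rendered once as stored and once HTML-encoded at output time. The $rows array is constructed sample data shaped like a CakePHP 1.x findAll() result, and the model name and the function names esc() and renderTable() are hypothetical.

```php
<?php
// Constructed sample rows, shaped like the nested arrays findAll() returns
// in CakePHP 1.x (assumption; the model name "User" is hypothetical).
$rows = array(
    array('User' => array('id' => 1, 'name' => 'Alice',
        'bio' => 'Likes <b>bold</b> & "quotes"')),
    array('User' => array('id' => 2, 'name' => 'Marcel',
        'bio' => '<script type="text/javascript">alert("XSS");</script>')),
);

// Encode a value for an HTML text or quoted-attribute context. ENT_QUOTES
// also encodes single quotes; the charset must match the page's charset.
function esc($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Render the rows as a table. $encode = false reproduces the behaviour in
// the post: the stored markup reaches the browser unchanged.
function renderTable(array $rows, $encode)
{
    $html = "<table>\n";
    foreach ($rows as $row) {
        $user = $row['User'];
        $name = $encode ? esc($user['name']) : $user['name'];
        $bio  = $encode ? esc($user['bio']) : $user['bio'];
        // title="" is an attribute context, so quote encoding matters here.
        $html .= sprintf("  <tr><td title=\"%s\">%s</td><td>%s</td></tr>\n",
            $name, $name, $bio);
    }
    return $html . "</table>\n";
}

$raw  = renderTable($rows, false);
$safe = renderTable($rows, true);

// The raw output still contains a live <script> element; the encoded
// output carries the same characters as inert text.
var_dump(strpos($raw, '<script') !== false);
var_dump(strpos($safe, '<script') === false);
echo $safe;
```

The database keeps the original string; the encoding is applied at the point where the value is written into HTML. CakePHP's global h() function is a shorthand for htmlspecialchars() and can take the place of esc() in a view.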

