Hi Nipuna, Make sure we sanitize all user inputs before rendering.
On Mon, Oct 26, 2015 at 4:50 PM, Nipuna Chandradasa <nipu...@wso2.com> wrote: > Hi Team, > > In the current product-ues, we allow user to change the page id using the > URL field in the properties menu. This causes multiple issues as we also > use this page id to process the changes to the page. > > I fixed those issues that i could find ... (Seems like now it's working > fine as to tests i did) > Let's merge those changes to trunk. > > Is it a good practice to change a ID of a property and also allow user to > do the changing? > Can't we have a prefix+sanitized user input? > Can we keep separate fields for URL and ID in the page object? > If we are to use a prefix, is this requirement valid still? > > Appreciate your suggestions and comments. > > Thank you. > -- > Nipuna Marcus > *Software Engineer* > WSO2 Inc. > http://wso2.com/ - "lean . enterprise . middleware" > Mobile : +94 (0) 713 667906 > nipu...@wso2.com >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev