Hi Udara,

Sanitizing the user input does not happen yet. I'll look into that matter. But can you explain a bit about how we can add a prefix to fix this issue?

Thank you

On Mon, Oct 26, 2015 at 5:23 PM, Udara Rathnayake <uda...@wso2.com> wrote:

> Hi Nipuna,
>
> Make sure we sanitize all user inputs before rendering.
>
> On Mon, Oct 26, 2015 at 4:50 PM, Nipuna Chandradasa <nipu...@wso2.com> wrote:
>
>> Hi Team,
>>
>> In the current product-ues, we allow user to change the page id using the
>> URL field in the properties menu. This causes multiple issues as we also
>> use this page id to process the changes to the page.
>>
>> I fixed those issues that I could find ... (Seems like now it's working
>> fine as to tests I did)
>>
> Let's merge those changes to trunk.
>
>> Is it a good practice to change an ID of a property and also allow user to
>> do the changing?
>>
> Can't we have a prefix+sanitized user input?
>
>> Can we keep separate fields for URL and ID in the page object?
>>
> If we are to use a prefix, is this requirement valid still?
>
>> Appreciate your suggestions and comments.
>>
>> Thank you.
>> --
>> Nipuna Marcus
>> *Software Engineer*
>> WSO2 Inc.
>> http://wso2.com/ - "lean . enterprise . middleware"
>> Mobile : +94 (0) 713 667906
>> nipu...@wso2.com
>

--
Nipuna Marcus
*Software Engineer*
WSO2 Inc.
http://wso2.com/ - "lean . enterprise . middleware"
Mobile : +94 (0) 713 667906
nipu...@wso2.com

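One way to read the "prefix+sanitized user input" suggestion in this thread, as an added example that is not part of the original messages or the product-ues code: the text from the URL field is reduced to an allow-listed slug, and a fixed prefix keeps the resulting page id in its own namespace and guarantees it starts with a letter. The names `PAGE_ID_PREFIX`, `sanitizeSegment` and `makePageId`, the allow-list and the length limit are assumptions.

```javascript
// Added illustration; all names and limits here are hypothetical, not from product-ues.
const PAGE_ID_PREFIX = "page-";
const MAX_SEGMENT_LENGTH = 64;

// Reduce arbitrary user text to an allow-listed slug:
// lowercase a-z, 0-9 and single hyphens, nothing else.
function sanitizeSegment(input) {
  return String(input)
    .normalize("NFKD")              // split accented letters into base letter + mark
    .toLowerCase()
    .replace(/[^a-z0-9]+/g, "-")    // every run outside the allow-list becomes one hyphen
    .replace(/^-+|-+$/g, "")        // no leading or trailing hyphen
    .slice(0, MAX_SEGMENT_LENGTH)
    .replace(/-+$/g, "");           // slicing may leave a trailing hyphen again
}

// Build the page id from the prefix and the sanitized URL field value.
// existingIds is a Set of ids already in use in the same dashboard.
function makePageId(userInput, existingIds) {
  const slug = sanitizeSegment(userInput);
  if (slug === "") {
    // Reject instead of silently producing a bare prefix that every bad input would share.
    throw new Error("URL field contains no usable characters");
  }
  let id = PAGE_ID_PREFIX + slug;
  // Two different inputs can sanitize to the same slug, so resolve collisions explicitly.
  for (let n = 2; existingIds.has(id); n++) {
    id = PAGE_ID_PREFIX + slug + "-" + n;
  }
  return id;
}

// Constructed sample inputs.
const inUse = new Set(["page-home"]);
console.log(makePageId("../Sales Dashboard?id=1", inUse));
console.log(makePageId("Home", inUse));
```

Because the id is derived from the URL field, a single stored field can serve both purposes; the sanitized value is still encoded for the output context when it is rendered.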
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev