I had a user report that, in some circumstances, it is possible to supply weird parameters on a request to my Mason app and inject random HTML into my pages.
Now, obviously I should be examining all parameters as they are passed in, and I should be escaping them if I just print them out (via |h). But I am not. And there are hundreds of pages. So I was wondering... is there a way to have my master autohandler examine the ARGS hash and clean out anything nasty? I don't seem to be able to modify the values in %ARGS in a way that makes those modifications available globally... Any ideas?

Or, better yet, is there some option that I can just enable that would do magic CGI parameter cleaning?

--
Shane McCarron
halindr...@gmail.com
_______________________________________________
Mason-users mailing list
Mason-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mason-users