Hi Kees,

Thanks for the patch. I guess that is pretty essential for any demo applications we host, like the beer or book db applications.

I suppose that including it in the factory templates would be pretty useful, but there are a couple of issues I have with that:

* People should be writing their own templates rather than using the factory ones for most instances (factory templates are probably 25% to 100% slower than a well-written template specific to the application)
* Data should be cleansed on the way into the database rather than on the way out.

On the plus side, it would be quick and easy to apply this change to the templates as an interim until proper documentation and means are available to avoid XSS.

So unless any other developers object I will probably apply them, and then make a note that we need to handle XSS problems properly.

Cheers,
A.

_______________________________________________
Maypole-devel mailing list
https://lists.sourceforge.net/lists/listinfo/maypole-devel
