On 9/26/05, John Krystynak <[EMAIL PROTECTED]> wrote:
> Nice stuff.
>
>  I have a question about validation.  How would you ensure that form fields
> don't have bad html or SQL injection?
>
>  I tried the beer form, and it accepts things like html tags, and form
> elements. Some strange things happen when you do that...

SQL injection is an issue for the Model; in class-dbi that is handled
through use of Ima::DBI and DBI placeholders IIRC, but there may be
chinks in the armour. I've never audited it myself and would be very
interested in any potential SQL injection attacks.

HTML and JS injection is another matter, depending on what the content
is being used for. I would like to provide some kind of safe HTML and
plaintext untaint functionality. This probably should be in 2.12, as
2.11 should be released shortly with many fixes and ease-of-use
improvements. Any documentation fixes for this would be much
appreciated; send them to Dave Howorth, David Baird or myself.

cheers,

A.
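As an added illustration of the placeholder point in the reply above (example code, not code from Maypole, Class::DBI or Ima::DBI), the stand-alone Perl script below assumes DBD::SQLite and HTML::Entities are installed: the same form value is sent once by string interpolation and once as a bound DBI placeholder, and a small HTML-escaping helper shows the separate defence that output into a page needs.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use HTML::Entities qw(encode_entities);

# In-memory SQLite database seeded with constructed sample rows
# (assumption: DBD::SQLite is available; the table is invented for this example).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE beer (id INTEGER PRIMARY KEY, name TEXT, brewery TEXT)');
my $ins = $dbh->prepare('INSERT INTO beer (name, brewery) VALUES (?, ?)');
$ins->execute(@$_) for (['Pale Ale', "O'Hara's"], ['Stout', 'Guinness']);

# Unsafe pattern: the form value is interpolated into the SQL text, so the
# quoting structure of the statement depends on whatever the user typed.
sub find_by_brewery_unsafe {
    my ($brewery) = @_;
    return $dbh->selectall_arrayref("SELECT name FROM beer WHERE brewery = '$brewery'");
}

# Placeholder pattern (what Ima::DBI/Class::DBI rely on): the value travels
# separately from the SQL text and is bound as data, so quote characters in
# the input can never change the shape of the statement.
sub find_by_brewery {
    my ($brewery) = @_;
    return $dbh->selectall_arrayref('SELECT name FROM beer WHERE brewery = ?',
                                    undef, $brewery);
}

# HTML output is a different context and needs its own escaping at render time;
# placeholders do nothing for it.
sub render_cell {
    my ($text) = @_;
    return '<td>' . encode_entities($text, '<>&"\'') . '</td>';
}

# A legitimate value containing the same character that breaks naive quoting.
my $input = "O'Hara's";

my $ok = eval { find_by_brewery_unsafe($input); 1 };
print 'interpolated query: ', ($ok ? 'ok' : 'rejected by SQLite as a syntax error'), "\n";

my $rows = find_by_brewery($input);
print "placeholder query found: $_->[0]\n" for @$rows;   # Pale Ale

print render_cell('<script>alert(1)</script>'), "\n";   # tags arrive as text, not markup
```

The apostrophe that makes the interpolated query fail is the same class of character that lets crafted input rewrite a statement, which is why the bound form is the one to use throughout the Model.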


_______________________________________________
Maypole-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/maypole-users
