On Fri, 2006-03-17 at 19:58 -0500, Gonzalo Paniagua Javier wrote:
> On Fri, 2006-03-10 at 09:53 -0500, Chris Toshok wrote:
> > I just read in the Shackow's asp.net 2.0 security book about this,
> > actually. He says that the three sequences that result in rejecting a
> > string are:
> >
> > 1. a < followed by a !
> > 2. a < followed by the letters a-z (upper or lowercase)
> > 3. a & followed by a #
> >
> > Did your testing reveal that 3 wasn't used? I was planning to commit a
> > change that does the above 3 checks today.
>
> Btw, you also have to check for those unicode characters which
> correspond to a '<' and '>'.

I added the unicode character for '<', but didn't put checks in for
either '>' or its corresponding unicode. Are those really an issue?

Chris
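
The three rejection rules quoted in this thread, plus an alternate '<' character, written out as a C# sketch. This is an added example, not part of the original message and not the code committed to Mono; the names RequestValidationSketch and IsRejected are hypothetical, and U+FF1C (fullwidth less-than sign) is an assumption, since the thread does not name the code point.

```csharp
using System;

static class RequestValidationSketch
{
    // Assumption: U+FF1C FULLWIDTH LESS-THAN SIGN is the "unicode character
    // for '<'" meant in the thread; the thread does not name the code point.
    const char FullwidthLessThan = '\uFF1C';

    // Returns true when 'value' contains one of the three sequences listed
    // in the thread. 'index' receives the offending position, or -1.
    public static bool IsRejected(string value, out int index)
    {
        index = -1;
        if (string.IsNullOrEmpty(value))
            return false;

        // Stop one short of the end: every rule needs a following character.
        for (int i = 0; i < value.Length - 1; i++)
        {
            char current = value[i];
            char next = value[i + 1];
            bool hit = false;

            if (current == '<' || current == FullwidthLessThan)
                // Rules 1 and 2: '<' followed by '!' or by a letter a-z / A-Z.
                hit = next == '!' || (next >= 'a' && next <= 'z') || (next >= 'A' && next <= 'Z');
            else if (current == '&')
                // Rule 3: '&' followed by '#'.
                hit = next == '#';

            if (hit) { index = i; return true; }
        }
        return false;
    }

    static void Main()
    {
        // Constructed sample inputs, not taken from the thread.
        string[] samples = { "a < b", "1<2 && 3>2", "AT&T", "</b>",
                             "<!-- x -->", "<b>bold</b>", "&#60;b", "\uFF1Cscript" };
        foreach (string s in samples)
        {
            int at;
            bool rejected = IsRejected(s, out at);
            Console.WriteLine("{0,-14} {1}", s, rejected ? "rejected at " + at : "accepted");
        }
    }
}
```

A lone `>` and a bare closing tag such as `</b>` match none of the three rules, so the sketch accepts them. A filter of this kind is a heuristic on input and does not replace encoding values when they are written into a page.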