Hello Howard,
Thanks for the information.
Thanks,
Eric
On Tue, Aug 19, 2008 at 1:18 PM, Howard Lewis Ship [EMAIL PROTECTED] wrote:
Tapestry mostly captures this on the output side; that is, when you
output a string (using, say ${property} expansion), the output is
filtered; the key HTML
Hello Howard,
Does Tapestry provide any way to do this on input, even if it is just for
all form data that is submitted? Perhaps being able to wire an interceptor
of some form in?
Thanks,
Eric
On Thu, Aug 21, 2008 at 11:57 AM, Eric Rogers [EMAIL PROTECTED] wrote:
Hello Howard,
Thanks for
It's not typical to html escape input. HTML is about presentation and
most input is just input. In other words, you want to HTML escape just
before presenting the input to the user but not store the input escaped
(at least I think that's what most applications use).
Tapestry does already HTML
Thanks, greatly appreciated.
Eric
On Thu, Aug 21, 2008 at 12:27 PM, Martijn Brinkers (List)
[EMAIL PROTECTED] wrote:
It's not typical to html escape input. HTML is about presentation and
most input is just input. In other words, you want to HTML escape just
before presenting the input to
Hello All,
I am using Tapestry 5.0.14 and am looking to filter input in my Tapestry
application for characters related to cross-site scripting. Some input is
from regular form submission, while other input is received using AJAX event
listeners and JSON. I realize that one can use a custom
Tapestry mostly captures this on the output side; that is, when you
output a string (using, say ${property} expansion), the output is
filtered; the key HTML entities, , and , are converted to
proper entities: lt;, etc.
On Tue, Aug 19, 2008 at 11:11 AM, Eric Rogers [EMAIL PROTECTED] wrote:
Hello