Thank you both for the help and advice; things are working perfectly
now.
On Jun 30, 9:25 am, Ross Peoples wrote:
> I did something similar to demonstrate common vulnerabilities, such as SQL
> injection and changing hidden values in forms before submission. It was
> really tough to make this app
I did something similar to demonstrate common vulnerabilities, such as SQL
injection and changing hidden values in forms before submission. It was
really tough to make this app with web2py, as I had to skirt around most of
the framework to make it happen. This is a GOOD THING though. I learned a
Also, I think all the escaping is done by web2py's template engine, so you
could avoid the escaping by skipping use of templates. To do that, have your
controller action return a string of (unsafe) HTML instead of a dictionary
of values to pass to a view -- the HTML string will be returned as th
Anything you put inside XML() will not be escaped (unless you set its
sanitize argument to True). See
http://web2py.com/book/default/chapter/05#XML.
Anthony
On Wednesday, June 29, 2011 3:30:33 PM UTC-4, David Schoenheit wrote:
> Hi,
>
> I am using web2py to write an intentionally vulnerable