Tapestry mostly captures this on the output side; that is, when you output a string (using, say ${property} expansion), the output is filtered; the key HTML entities, "<", "&" and ">", are converted to proper entities: "<", etc.
On Tue, Aug 19, 2008 at 11:11 AM, Eric Rogers <[EMAIL PROTECTED]> wrote: > Hello All, > > I am using Tapestry 5.0.14 and am looking to filter input in my Tapestry > application for characters related to cross-site scripting. Some input is > from regular form submission, while other input is received using AJAX event > listeners and JSON. I realize that one can use a custom translator to scrub > any unwanted characters from input for a given field. However, I was > wondering if anyone has come across a more general pattern or strategy to do > this for both form and JSON input without having to explicitly define a > translator for form fields, and manually call some method to do the same for > a JSONObject. > > Thanks, > > Eric > -- Howard M. Lewis Ship Creator Apache Tapestry and Apache HiveMind --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]