Do you mean the issue of malicious HTML tags? I wonder what would be the best way to prevent those?
thanks,
mai

On Jul 11, 2011, at 6:36 PM, George Domurot wrote:

> If you output strings with escapeHTML=false, you could have an issue.
> You may want to consider stripping all potential tags from strings prior to
> rendering, or at the time of entry.
>
> -G
>
> On Jul 11, 2011, at 6:01 PM, Mai Nguyen wrote:
>
>> Hello,
>> I have found some good information about WebObjects and security at the
>> following wiki link:
>>
>> http://en.wikibooks.org/wiki/WebObjects/Web_Applications/Development/Authentication_and_Security
>>
>> However, there is no mention about SQL injections which seems to be an
>> active subject lately. Is WebObjects pretty safe, as there is no need to
>> generate SQL directly and access to the DB is going through the EOs normally?
>> Are there any other loopholes that I am not aware of?
>> About the following article:
>> http://support.apple.com/kb/TA26730?viewlocale=en_US
>> Would the normal WebObjects behavior be pretty safe if one does not allow
>> the user to enter HTML tags? Does Project Wonder do something in this area?
>>
>> Many thanks for your advice,
>>
>> -mai
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Webobjects-dev mailing list ([email protected])
>> Help/Unsubscribe/Update your Subscription:
>> http://lists.apple.com/mailman/options/webobjects-dev/george%40boxofficetickets.com
>>
>> This email sent to [email protected]
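
The two mitigations discussed in this thread, escaping on output (the step that is skipped when a string is rendered with escapeHTML=false) and stripping tags, compared side by side as an added example that is not part of the original messages. It is plain Java and uses no WebObjects or Project Wonder API; the class, the helper names `escapeHtml` and `stripTags`, and the sample strings are constructed for illustration.

```java
import java.util.regex.Pattern;

public class EscapeVsStrip {

    // Hypothetical helper: encode the characters that are significant in HTML
    // text and attribute values, so user input is displayed as data.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hypothetical helper: the "strip all potential tags" approach, done with a
    // simple pattern. It removes anything between '<' and the next '>'.
    private static final Pattern TAG = Pattern.compile("<[^>]*>");

    static String stripTags(String s) {
        return TAG.matcher(s).replaceAll("");
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "I <3 Java, and 5 > 3",        // legitimate text containing < and >
            "<b>bold</b> comment",         // harmless markup
            "<script>alert(1)</script>",   // markup that must not be rendered
            "She said \"hello\"",          // quotes matter inside attribute values
        };
        for (String s : samples) {
            System.out.println("input    : " + s);
            System.out.println("stripped : " + stripTags(s));
            System.out.println("escaped  : " + escapeHtml(s));
            System.out.println();
        }
    }
}
```

Stripping silently drops legitimate text in the first sample and leaves the quotes in the last one untouched, while escaping preserves every input as displayable text.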
