Home > mailing lists

Re: stripping HTML, SQL injections ... - Mailing list pgsql-general

From	Ottavio Campana
Subject	Re: stripping HTML, SQL injections ...
Date	November 15, 2007 08:12:26
Msg-id	473C0D7B.40606@campana.vi.it Whole thread Raw
In response to	Re: stripping HTML, SQL injections ... (Alvaro Herrera <alvherre@alvh.no-ip.org>)
List	pgsql-general

Tree view

Alvaro Herrera ha scritto:
> Martin Gainty escribió:
>> this is a very simple html tag strip routine
>> I dont understand what security you had in mind ..
>>
>> so I take it you're not a fan of dojo or GWT?
>
> Let's say the user disables javascript on the browser?

or more easily, an attacker can use the firefox web developer toolbar to
manipulate forms data...

--
Non c'e' piu' forza nella normalita', c'e' solo monotonia.

Attachment

signature.asc

pgsql-general by date:

From: "சிவகுமார் மா"
Date: 15 November 2007, 06:54:09
Subject: Enforcing Join condition

From: "Abraham, Danny"
Date: 15 November 2007, 09:25:38
Subject: Chunk Delete

Re: stripping HTML, SQL injections ... - Mailing list pgsql-general

Attachment

Previous

Next