PHP - security etc
David Cantrell
david at cantrell.org.uk
Wed Mar 7 21:10:49 GMT 2007
On Wed, Mar 07, 2007 at 05:20:31PM +0000, Dominic Mitchell wrote:
> You're creating a damned web page. You need to escape pretty much
> everything. Not escaping things should be the exception, rather than
> the other way around. Otherwise it gets forgotten and guess what? Lots
> of XSS attacks. Yay!
I don't understand "XSS" attacks. Anyone permitting random strangers to
embed *whatever the fuck they like* in his site has FAR bigger problems
than that his users might run some bit of JavaScript they don't want.
--
David Cantrell | Enforcer, South London Linguistic Massive
Computer Science is about lofty design goals and careful algorithmic
optimisation. Sysadminning is about cleaning up the resulting mess.