Edgewall Software

Changes between Version 66 and Version 67 of GenshiTutorial


Timestamp:
Sep 3, 2007, 11:14:32 PM (17 years ago)
Author:
cmlenz
Comment:

--

  • GenshiTutorial

    v66 v67  
    13451345=== Allowing Markup in Comments ===
    13461346
     1347At this point we allow users to post plain text comments, but those comments can't include niceties such as hyperlinks or HTML inline formatting (emphasis, etc). A very naive application would simply accept HTML tags in the input, and pass those tags through in the output. That is generally a bad thing, however, as it opens up your site to cross-site scripting (XSS) attack, which can undermine any security measures you try put into effect.
     1348
     1349  (''Note that as Geddit allows anyone to do anything, we don't actually have any valuable assets to protect, so this exercise is somewhat theoretical. Just imagine we required users to register to submit links or post comments for the next sections.'')
     1350
    13471351'''TODO''':
    13481352 * Details on escaping
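Review bot: the new paragraph at 1347 has two grammar slips ("cross-site scripting (XSS) attack" should be "attacks", and "any security measures you try put into effect" should be "try to put into effect"), and "That is generally a bad thing" would land better if it said why: a tag passed through unescaped lets one user's comment run script in every other reader's browser. The parenthetical at 1349 then understates the risk a little: even with no registration and no sessions, an injected script can still redirect, deface or phish everyone who views the comment page, so the exercise is less theoretical than it claims; consider softening "we don't actually have any valuable assets to protect" to something like "we have no accounts or sessions for an attacker to steal". Finally, the remaining TODO item "Details on escaping" now sits directly under a paragraph that poses the escape-versus-allow question, so it would help to state which approach the section will take (escape everything, or sanitize down to an allowed set of tags) rather than leaving only the placeholder.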