You are viewing a plain text version of this content. The canonical link for it is here.

Posted to embperl@perl.apache.org by Pete Moran <pe...@uniplexds.co.uk> on 2006/01/24 13:29:33 UTC

Cross Site Scripting

I know there is probably a simple answer – according to the docs if I set
EMBPERL_ESCMODE to 4, then it should fix any cross site scripting.

However if I have a text field called guess, and pass the following line 

 

?guess=%22%3E%3Cscript%3Ealert('vorsichtfalle!')%3C/script%3E%3C%22

 

The alert will appear – how can I disable this behavior, but keep the normal
fdat form population ?

 

 


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.14.22/238 - Release Date: 23/01/2006