You are viewing a plain text version of this content. The canonical link for it is here.
Posted to embperl@perl.apache.org by Pete Moran <pe...@uniplexds.co.uk> on 2006/01/24 13:29:33 UTC
Cross Site Scripting
I know there is probably a simple answer – according to the docs if I set
EMBPERL_ESCMODE to 4, then it should fix any cross site scripting.
However if I have a text field called guess, and pass the following line
?guess=%22%3E%3Cscript%3Ealert('vorsichtfalle!')%3C/script%3E%3C%22
The alert will appear – how can I disable this behavior, but keep the normal
fdat form population ?
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.14.22/238 - Release Date: 23/01/2006