You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rivet-user@tcl.apache.org by crouzilles <cr...@gmail.com> on 2008/01/21 11:57:15 UTC

XSS and html injections

Is Rivet XSS safe? If so, to what length can we trust it to be XSS safe?

I personally do not mind if it is not, I can always make changes to make it
safe, but I thought this question might bring XSS to the attention of other
users.

Thank you.

Crouzilles
-- 
View this message in context: http://www.nabble.com/XSS-and-html-injections-tp14995036p14995036.html
Sent from the Rivet - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-user-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-user-help@tcl.apache.org

Re: XSS and html injections

Posted by David Welton <da...@gmail.com>.

On Jan 21, 2008 11:57 AM, crouzilles <cr...@gmail.com> wrote:
>
> Is Rivet XSS safe? If so, to what length can we trust it to be XSS safe?
>
> I personally do not mind if it is not, I can always make changes to make it
> safe, but I thought this question might bring XSS to the attention of other
> users.

Hi,

Sorry to create some extra work for you, but would you mind
subscribing to, and reposting to rivet-dev?  I suppose we should close
this list and direct traffic to the other one, so that everyone is on
one list.

As far as I know, most XSS problems are caused by the application, not
the lower level tool.  Rivet doesn't really go out of its way to stop
you from doing stupid things, but if I recall correctly there is some
support for escaping things properly.

-- 
David N. Welton

http://www.welton.it/davidw/

http://www.dedasys.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org