You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rivet-user@tcl.apache.org by crouzilles <cr...@gmail.com> on 2008/01/21 11:57:15 UTC
XSS and html injections
Is Rivet XSS safe? If so, to what length can we trust it to be XSS safe?
I personally do not mind if it is not, I can always make changes to make it
safe, but I thought this question might bring XSS to the attention of other
users.
Thank you.
Crouzilles
--
View this message in context: http://www.nabble.com/XSS-and-html-injections-tp14995036p14995036.html
Sent from the Rivet - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-user-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-user-help@tcl.apache.org
Re: XSS and html injections
Posted by David Welton <da...@gmail.com>.
On Jan 21, 2008 11:57 AM, crouzilles <cr...@gmail.com> wrote:
>
> Is Rivet XSS safe? If so, to what length can we trust it to be XSS safe?
>
> I personally do not mind if it is not, I can always make changes to make it
> safe, but I thought this question might bring XSS to the attention of other
> users.
Hi,
Sorry to create some extra work for you, but would you mind
subscribing to, and reposting to rivet-dev? I suppose we should close
this list and direct traffic to the other one, so that everyone is on
one list.
As far as I know, most XSS problems are caused by the application, not
the lower level tool. Rivet doesn't really go out of its way to stop
you from doing stupid things, but if I recall correctly there is some
support for escaping things properly.
--
David N. Welton
http://www.welton.it/davidw/
http://www.dedasys.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: rivet-dev-unsubscribe@tcl.apache.org
For additional commands, e-mail: rivet-dev-help@tcl.apache.org