W3C home > Mailing lists > Public > public-html@w3.org > January to March 2007

Re: XML input control

From: Andrey Nikanorov <andrey@nikanorov.com>
Date: Tue, 27 Mar 2007 16:45:00 +0400
Message-Id: <8B53DA96-4260-4DB8-B6FA-BB400670B8A3@nikanorov.com>
Cc: public-html@w3.org
To: Alexander Graf <a.graf@aetherworld.org>

+1
And don't send forms via GET at all. =)

On 27.03.2007, at 16:37, Alexander Graf wrote:

> Not at all... If the form submits via GET, all I have to do is add  
> a parameter in the URL.
> You *always* have to check for valid input on the server side, else  
> you make attacks
> possible...

Andrey Nikanorov
andrey@nikanorov.com
http://nikanorov.com
Received on Tuesday, 27 March 2007 18:23:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2007 18:24:06 GMT