W3C home > Mailing lists > Public > public-html@w3.org > January to March 2007

Re: XML input control

From: Henrik Dvergsdal <henrik.dvergsdal@hibo.no>
Date: Tue, 27 Mar 2007 14:54:38 +0200
Message-Id: <A27A0E2F-93AC-4912-B9D7-79C563D550D6@hibo.no>
To: public-html@w3.org

> Not at all... If the form submits via GET, all I have to do is add  
> a parameter in the URL.
> You *always* have to check for valid input on the server side, else  
> you make attacks
> possible...

OK, I guess you're right. What if we restrict it to the post method  
and  the "multipart/form-data" Content type?

--
Henrik
Received on Tuesday, 27 March 2007 12:55:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2007 12:55:25 GMT