- From: Edward Z. Yang <edwardzyang@thewritingpot.com>
- Date: Wed, 23 Jul 2008 19:29:54 -0600
Frode Børli wrote:
> <td colspan='javascript(a + 5)'></td>
>
> Where a javascript returns the value in the colspan attribute. Many
> server side HTML sanitizers would have to be updated - unless we
> introduce a proper sandbox.

Or the HTML sanitizer could have done things properly and checked if colspan was a numeric value. :-)

Disclaimer: I am one of those authors of server side HTML sanitizers you speak of.
Received on Wednesday, 23 July 2008 18:29:54 UTC
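
The kind of check the reply describes, as an added example that is not part of the original message and not code from any existing sanitizer: an allowlist sanitizer that validates each attribute against its expected type, so a non-numeric colspan is dropped. The allowlist, the 1 to 9999 range and all names here are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Constructed rule: a span is a positive ASCII integer, 1..9999 (range is an assumption).
_POSITIVE_INT = re.compile(r"[1-9][0-9]{0,3}\Z")

def is_span(value):
    """Accept only a plain positive integer, which is what colspan/rowspan expect."""
    return value is not None and _POSITIVE_INT.match(value.strip()) is not None

# Constructed allowlist: tag -> {attribute: validator}. Anything not listed is dropped.
ALLOWED = {
    "table": {},
    "tr": {},
    "td": {"colspan": is_span, "rowspan": is_span},
    "th": {"colspan": is_span, "rowspan": is_span},
}

class TypedSanitizer(HTMLParser):
    """Rebuilds markup from allowlisted tags; every attribute must pass its type check."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        rules = ALLOWED.get(tag)
        if rules is None:
            return  # unknown tag: the tag is dropped, its text is still escaped and kept
        kept = {}
        for name, value in attrs:
            check = rules.get(name)
            # Keep at most one copy of each attribute, and only if it validates.
            if check is not None and name not in kept and check(value):
                kept[name] = escape(value.strip(), quote=True)
        attr_text = "".join(f' {n}="{v}"' for n, v in kept.items())
        self.out.append(f"<{tag}{attr_text}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(html):
    parser = TypedSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Because the output is rebuilt from validated pieces rather than filtered in place, an attribute value in a syntax the sanitizer has never seen fails the type check instead of passing through.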