
Re: HTML Security Issue

From: Jeff Sinclair <jeffs@kestral.com.au>
Date: Fri, 11 Feb 2000 17:16:45
Message-Id: <>
To: www-talk@w3c.org
Hi Edward,

Nice idea, but what if the user puts in "&amp"?
You can't tell the difference between that and what came 
out of the database. So if you convert it when going into the
database you get "&amp;amp" and then "&amp;amp;amp" etc.

Jeff Sinclair

>Why not also convert '&' characters entered by the user into '&amp;'
>entities, then when it is reconverted, a '<' will be a '<' and a '&lt;'
>will be '&lt;'
Received on Friday, 11 February 2000 04:11:30 UTC
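
The repeated-conversion growth described in the message above, as an added example that is not part of the original thread. It assumes an edit form that is prefilled from the stored value and saved again unchanged; Python's `html.escape` stands in for the application's conversion routine, and the function names are hypothetical.

```python
import html


def roundtrip_escape_on_store(user_text, cycles):
    """Convert on the way INTO the database.

    Assumption: each cycle, the already-converted stored value is loaded
    into an edit form and saved again, so it is converted once more.
    Returns the stored value after the first save and after each re-save.
    """
    stored = html.escape(user_text, quote=False)
    history = [stored]
    for _ in range(cycles):
        # The code cannot tell "&amp;" typed by a user from "&amp;" it
        # produced itself, so it escapes the ampersand again.
        stored = html.escape(stored, quote=False)
        history.append(stored)
    return history


def roundtrip_escape_on_output(user_text, cycles):
    """Store the raw text; convert exactly once when writing HTML.

    Returns the HTML emitted on the first render and after each re-save.
    """
    stored = user_text
    history = []
    for _ in range(cycles + 1):
        rendered = html.escape(stored, quote=False)
        history.append(rendered)
        # A browser decodes the entities for display, so the value the
        # form submits back is the raw text again.
        stored = html.unescape(rendered)
    return history


if __name__ == "__main__":
    # Constructed sample inputs: a literal "&amp" and a markup attempt.
    for text in ["&amp", "<script>"]:
        print(repr(text))
        print("  escape on store :", roundtrip_escape_on_store(text, 2))
        print("  escape on output:", roundtrip_escape_on_output(text, 2))
```

Storing raw text and converting once at output keeps the stored value unambiguous: the literal `&amp` displays as typed and `<script>` is always emitted as `&lt;script&gt;`, no matter how many times the record is edited.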
