
Re: HTML Security Issue

From: Jeff Sinclair <jeffs@kestral.com.au>
Date: Fri, 11 Feb 2000 17:16:45
Message-Id: <3.0.5.32.20000211171645.00a1dd70@melb1>
To: www-talk@w3c.org

Hi Edward,

Nice idea, but what if the user puts in "&amp"?
You can't tell the difference between that and what came
out of the database. So if you convert it when going into the
database you get "&amp;amp" and then "&amp;amp;amp", etc.

Jeff Sinclair

>
>Why not also convert '&' characters entered by the user into '&amp;'
>entities, then when it is reconverted, a '<' will be a '<' and a '&lt;'
>will be '&lt;'
>
Received on Friday, 11 February 2000 04:11:30 GMT
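
The growth described in this message, next to the encode-once-at-output alternative, as an added example that is not part of the original thread. The dict standing in for the database, the function names and the sample string are all hypothetical.

```python
import html

# Constructed sample: the user literally types "&amp" and a tag.
USER_INPUT = "x &amp y <b>"


def escape_on_input(db, key, text):
    """Weak pattern: encode before storing, so the store holds markup."""
    db[key] = html.escape(text)


def resave_cycles(text, cycles):
    """Save the value, then feed each stored value back through the same
    input filter, as happens when a record is loaded and saved again.
    Returns the stored value after each save."""
    db, history = {}, []
    for _ in range(cycles):
        escape_on_input(db, "comment", text)
        text = db["comment"]  # the filter cannot tell this from fresh input
        history.append(text)
    return history


def render(db, key):
    """Corrected pattern: encode exactly once, when writing into HTML."""
    return html.escape(db[key])


def raw_cycles(text, cycles):
    """Store the text unmodified on every save; encode only in render().
    Returns (stored value, HTML sent to the browser)."""
    db = {}
    for _ in range(cycles):
        db["comment"] = text
        text = db["comment"]
    return db["comment"], render(db, "comment")


if __name__ == "__main__":
    for n, stored in enumerate(resave_cycles(USER_INPUT, 3), 1):
        print("escape-on-input, save", n, "->", stored)
    stored, page = raw_cycles(USER_INPUT, 3)
    print("store-raw, stored   ->", stored)
    print("store-raw, rendered ->", page)
```

With raw storage the stored value never changes across saves, and decoding the rendered output once gives back exactly what the user typed, including a literal "&amp".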
