
Re: HTML Security Issue

From: Russell Steven Shawn O'Connor <roconnor@uwaterloo.ca>
Date: Fri, 11 Feb 2000 10:53:31 -0500 (EST)
To: Jeff Sinclair <jeffs@kestral.com.au>
cc: www-talk@w3.org
Message-ID: <Pine.SOL.3.96.1000211105201.24940B-100000@bacon.math.uwaterloo.ca>
On Fri, 11 Feb 2000, Jeff Sinclair wrote:

> Hi Edward,
> 
> Nice Idea but what if the user puts in "&amp" 
> you can't tell the difference between that and what came 
> out of the database. So if you convert it when going into the
> database you get "&amp;amp" and then "&amp;amp;amp" etc 

Um, isn't that the behaviour you want?  Just keep tabs on whether it is
encoded or not.  It's kinda like dealing with URIs.

-- 
Russell O'Connor                           roconnor@uwaterloo.ca
       <http://www.undergrad.math.uwaterloo.ca/~roconnor/>
``Paradoxically, a refusal to `put a monetary value on life' means that
life is often undervalued.'' -- Artificial Intelligence: A Modern Approach
Received on Friday, 11 February 2000 10:54:46 GMT
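
The point made in the reply, as an added example that is not part of the original message: a literal "&amp" typed by a user should be stored as "&amp;amp" once encoded, and double encoding only becomes a problem when the code loses track of whether a value is already encoded. The names `Encoded`, `encode`, `render_comment`, `displayed_text` and `untracked_display` are hypothetical, and the sample inputs are constructed.

```python
import html


class Encoded(str):
    """Marker type: text that has already been HTML-entity encoded."""


def encode(text):
    """Encode raw text exactly once; pass already-encoded text through."""
    if isinstance(text, Encoded):
        return text
    return Encoded(html.escape(text, quote=True))


def render_comment(stored_raw):
    """Build an HTML fragment from a raw value read back from storage."""
    return Encoded("<p>" + encode(stored_raw) + "</p>")


def displayed_text(fragment):
    """Approximate what a browser shows for a <p>...</p> fragment."""
    inner = fragment[len("<p>"):-len("</p>")]
    return html.unescape(inner)


def untracked_display(raw):
    """Encode on the way in AND on the way out, with no state tracking.

    This is the failure mode from the quoted message: the value is
    encoded twice, so the reader sees an entity instead of the input.
    """
    stored = html.escape(raw)        # encoded when written to the database
    page = html.escape(stored)       # encoded again when rendered
    return html.unescape(page)       # what the browser displays


# Constructed sample inputs: a literal "&amp" typed by a user, and markup.
USER_TYPED = "&amp"
USER_MARKUP = "<script>x</script>"

if __name__ == "__main__":
    print(encode(USER_TYPED))                          # single encoding
    print(displayed_text(render_comment(USER_TYPED)))  # round-trips to input
    print(untracked_display(USER_TYPED))               # visibly wrong
    print(render_comment(USER_MARKUP))                 # markup is neutralised
```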
