Re: XML input control

> Not at all... If the form submits via GET, all I have to do is add  
> a parameter in the URL.
> You *always* have to check for valid input on the server side, else  
> you make attacks
> possible...

OK, I guess you're right. What if we restrict it to the post method  
and  the "multipart/form-data" Content type?


Received on Tuesday, 27 March 2007 12:55:21 UTC