- From: Andrey Nikanorov <andrey@nikanorov.com>
- Date: Tue, 27 Mar 2007 16:45:00 +0400
- To: Alexander Graf <a.graf@aetherworld.org>
- Cc: public-html@w3.org
+1 And don't send forms via GET at all. =) On 27.03.2007, at 16:37, Alexander Graf wrote: > Not at all... If the form submits via GET, all I have to do is add > a parameter in the URL. > You *always* have to check for valid input on the server side, else > you make attacks > possible... Andrey Nikanorov andrey@nikanorov.com http://nikanorov.com
Received on Tuesday, 27 March 2007 18:23:47 UTC