Re: XML input control from Andrey Nikanorov on 2007-03-27 (public-html@w3.org from March 2007)

From: Andrey Nikanorov <andrey@nikanorov.com>
Date: Tue, 27 Mar 2007 16:45:00 +0400
To: Alexander Graf <a.graf@aetherworld.org>
Cc: public-html@w3.org
Message-Id: <8B53DA96-4260-4DB8-B6FA-BB400670B8A3@nikanorov.com>

+1
And don't send forms via GET at all. =)

On 27.03.2007, at 16:37, Alexander Graf wrote:

> Not at all... If the form submits via GET, all I have to do is add  
> a parameter in the URL.
> You *always* have to check for valid input on the server side, else  
> you make attacks
> possible...

Andrey Nikanorov
andrey@nikanorov.com
http://nikanorov.com

Received on Tuesday, 27 March 2007 18:23:47 UTC