- From: Nils Dagsson Moskopp <nils-dagsson-moskopp@dieweltistgarnichtso.net>
- Date: Tue, 16 Dec 2008 15:40:35 +0100
On Tuesday, 16.12.2008, at 14:22 +0000, Philip Taylor wrote:
> On Tue, Dec 16, 2008 at 2:15 PM, Nils Dagsson Moskopp
> <nils-dagsson-moskopp at dieweltistgarnichtso.net> wrote:
> > As I said, invalid input should be rejected in the first place. When I
> > write a blog post, I usually catch errors like this when I click on the
> > "preview" button and it's all yellow.
>
> But you still accept user input that can lead to ill-formed output,
> like in http://blog.dieweltistgarnichtso.net/?s=%ef%bf%bf :-)
> (That particular case probably doesn't affect anyone other than the
> user who enters that URL, but it's a pain whenever the user input is
> displayed back to other users or shown in admin interfaces, and very
> few people seem to implement it correctly in practice.)

Please, it's WordPress! Those are the people that use eval() when parsing
input. I already have hacked a bit and will no doubt do something about
input as soon as my HTML5 theme based on sandbox is ready. In the
meantime, don't input this character in the comments, I'm not really
thrilled to see that stuff implode.

Oh and btw, my own web app *will* reject input and / or normalize it
(whenever it is done, with which I mean: I first have to sort out some
issues with the database ...).

Greetings
--
Nils Dagsson Moskopp
<http://dieweltistgarnichtso.net>
Received on Tuesday, 16 December 2008 06:40:35 UTC
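
The "reject and / or normalize" handling discussed in the message above, as an added example that is not part of the original thread or of any project named in it. It assumes the page echoing the input is served as XML (XHTML), where a code point outside the XML 1.0 Char production, such as the U+FFFF encoded by `%ef%bf%bf`, makes the document ill-formed; the function names are hypothetical.

```python
import re
from urllib.parse import unquote_to_bytes

# Code points outside the XML 1.0 "Char" production (U+FFFF, U+FFFE, most C0
# controls, lone surrogates) make any XML document that contains them ill-formed.
_NOT_XML_CHAR = re.compile(
    "[^\u0009\u000A\u000D\u0020-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]"
)


class InvalidInput(ValueError):
    """Raised when a parameter cannot be echoed into well-formed XML."""


def reject(raw: str) -> str:
    """Strict policy: decode the percent-encoded value or refuse it outright."""
    try:
        text = unquote_to_bytes(raw).decode("utf-8", "strict")
    except UnicodeDecodeError as exc:
        raise InvalidInput("parameter is not valid UTF-8") from exc
    bad = _NOT_XML_CHAR.search(text)
    if bad:
        raise InvalidInput(f"U+{ord(bad.group()):04X} is not an XML 1.0 character")
    return text


def normalize(raw: str) -> str:
    """Lenient policy: swap undecodable bytes and illegal code points for U+FFFD."""
    text = unquote_to_bytes(raw).decode("utf-8", "replace")
    return _NOT_XML_CHAR.sub("\uFFFD", text)


if __name__ == "__main__":
    # Constructed sample inputs; the second is the value from the URL in the thread.
    for sample in ("caf%c3%a9", "%ef%bf%bf", "a%00b", "%ff"):
        try:
            print(sample, "->", repr(reject(sample)))
        except InvalidInput as err:
            print(sample, "-> rejected:", err, "| normalized:", repr(normalize(sample)))
```

A value that passes either function still needs markup escaping before it is written into the page; this check only covers characters that no escaping can make legal.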