Re: HTML Security Issue

From: Russell Steven Shawn O'Connor <roconnor@uwaterloo.ca>
Date: Fri, 11 Feb 2000 10:53:31 -0500 (EST)
To: Jeff Sinclair <jeffs@kestral.com.au>
cc: www-talk@w3.org
Message-ID: <Pine.SOL.3.96.1000211105201.24940B-100000@bacon.math.uwaterloo.ca>
On Fri, 11 Feb 2000, Jeff Sinclair wrote:

> Hi Edward,
> Nice Idea but what if the user puts in "&amp" 
> you can't tell the difference between that and what came 
> out of the database. So if you convert it when going into the
> database you get "&amp;amp" and then "&amp;amp;amp" etc 

Um, isn't that the behaviour you want?  Just keep tabs on whether it is
encoded or not.  It's kinda like dealing with URIs.

Russell O'Connor                           roconnor@uwaterloo.ca
``Paradoxically, a refusal to `put a monetary value on life' means that
life is often undervalued.'' -- Artificial Intelligence: A Modern Approach
Received on Friday, 11 February 2000 10:54:46 UTC
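
The exchange above, as an added example that is not part of the original thread: untracked repeated encoding grows "&amp" into "&amp;amp;amp", while a value that carries its encoded state is encoded exactly once and decodes back to what the user typed. The names `Encoded`, `encode`, `decode`, `naive_round_trips` and `render_comment` are hypothetical, and the input string is constructed sample data.

```python
import html


class Encoded(str):
    """Marker type: text that has been HTML-encoded exactly once."""


def encode(text):
    """Encode raw text for HTML output; already-encoded text passes through."""
    if isinstance(text, Encoded):
        return text
    return Encoded(html.escape(text, quote=True))


def decode(text):
    """Recover the raw text; values not marked Encoded are returned untouched."""
    if isinstance(text, Encoded):
        return html.unescape(str(text))
    return text


def naive_round_trips(text, trips):
    """The failure mode from the quoted message: encode on every store,
    with no record of whether the value was already encoded."""
    for _ in range(trips):
        text = html.escape(text, quote=True)
    return text


def render_comment(raw_from_db):
    """Keep the database copy raw and encode once at the output boundary."""
    return "<p>" + encode(raw_from_db) + "</p>"


if __name__ == "__main__":
    user_input = "&amp"  # constructed sample: the user literally typed &amp
    print(naive_round_trips(user_input, 2))   # grows on each trip
    once = encode(user_input)
    print(encode(encode(once)))               # stable: state is tracked
    print(decode(once) == user_input)         # round-trips to the raw text
    print(render_comment("<script>alert(1)</script>"))
```

String methods such as `.strip()` return a plain `str`, so the marker is lost after any transformation and the result is treated as raw again.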