[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phpgroupware-developers] phpgw/ck-erp validation against "<..>"
From: |
C K Wu |
Subject: |
[Phpgroupware-developers] phpgw/ck-erp validation against "<..>" |
Date: |
Tue, 10 Aug 2004 10:12:30 +0800 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510 |
Hi, folks,
I am contemplating adding input validation against "...<..>..." within
CK-ERP environment to minimize the risk of crosss site scripting.
However, I am mindful of the following situation,
page request
-> phpgwapi (requiring <..>)
-> ck-erp modules (rejecting request because of embedded <..>)
-> [in case of normal exit] phpgwapi (requiring <..>)
Would this happen in real operation ? If so, is it a rare occasion,
that I can handle as special cases ?
Any suggestions or comments welcomed.
Cheers,
CK
- [Phpgroupware-developers] phpgw/ck-erp validation against "<..>",
C K Wu <=