[thelist] xssi serving up separate css
The Optimizer
chrism at puffofsmoke.net
Fri Oct 12 11:31:57 CDT 2001
[..]
> >> I think you mean "meaningless data" here ;)
> >
> >I assume from the emoticon you're joking, but consider the
> implications of
>
> Ok. I see where I went wrong. I'm reading "trivial matter" in the wrong
> sense. This comment makes sense:
>
> "It is a trivial matter [for the developer] to bypass Javascript
> validation [with server side validation] in order to populate
> a database with meaningful code."
>
> I was instead reading it as:
>
> "It is a trivial matter [for a malicious user] to bypass
> Javascript validation in order to populate a database
> with meaningful code."
>
> And that's what didn't make sense to me.
Why not? You are placing accent on the wrong thing. JavaScript validation =
No validation. Thus what I was getting at was that if no validation takes
place, then it can be far more damaging for the site owner than simply
having meaningless data in hir database. I have witnessed live sites that
offer JavaScript/No validation, therefore some website owners are unaware of
this. Given that this mailing list accounts for experts and newbies alike
IMHO it was a valid tip.
Regards
Chris Marsh
More information about the thelist
mailing list