[thelist] Using PHP to let folks add comments
Simon Willison
cs1spw at bath.ac.uk
Mon Sep 15 04:24:51 CDT 2003

Tony Crockford wrote:
>> http://simon.incutio.com/archive/2003/02/23/safeHtmlChecker
>
> when I visited that link in Opera 7.2 I got a javascript alert "maybe
> this works" so maybe it doesn't?

Doh! I just checked my Opera version and I'm still testing with 6. I had
a look though and I'm pretty sure the trick that person used (an XML
stylesheet declaration) is filtered out by a bug fix I made to the code
later that day. The current version of the script on the site should
defend against that exploit.

Cheers,

Simon