Hello,
I am reposting this question and the answer for the benefit
of everybody. I
used the rivet-user mailing list previously and was made
aware that
rivet-dev is probably going to be the only one available
soon, so here it
goes.
> Is Rivet XSS safe? If so, to what length can we trust
it to be XSS safe?
>
> I personally do not mind if it is not, I can always
make changes to make
> it
> safe, but I thought this question might bring XSS to
the attention of
> other
> users.
Hi,
Sorry to create some extra work for you, but would you mind
subscribing to, and reposting to rivet-dev? I suppose we
should close
this list and direct traffic to the other one, so that
everyone is on
one list.
As far as I know, most XSS problems are caused by the
application, not
the lower level tool. Rivet doesn't really go out of its
way to stop
you from doing stupid things, but if I recall correctly
there is some
support for escaping things properly.
Crouzilles
--
View this message in context: http://www.nabble.com/XSS-and-html-injectio
n-tp14997480p14997480.html
Sent from the Rivet - Dev mailing list archive at
Nabble.com.
------------------------------------------------------------
---------
To unsubscribe, e-mail: rivet-dev-unsubscribe tcl.apache.org
For additional commands, e-mail: rivet-dev-helptcl.apache.org
|