[Phpgroupware-developers] phpgw/ck-erp validation against "<..>"

phpgroupware-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-developers] phpgw/ck-erp validation against "<..>"

From:	C K Wu
Subject:	[Phpgroupware-developers] phpgw/ck-erp validation against "<..>"
Date:	Tue, 10 Aug 2004 10:12:30 +0800
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040510

Hi, folks,

I am contemplating adding input validation against "...<..>..." withinCK-ERP environment to minimize the risk of crosss site scripting.


However, I am mindful of the following situation,

page request
-> phpgwapi (requiring <..>)
-> ck-erp modules (rejecting request because of embedded <..>)
-> [in case of normal exit] phpgwapi (requiring <..>)

Would this happen in real operation ? If so, is it a rare occasion,that I can handle as special cases ?


Any suggestions or comments welcomed.

Cheers,
CK

[Prev in Thread]

Current Thread

[Next in Thread]

[Phpgroupware-developers] phpgw/ck-erp validation against "<..>", C K Wu <=
- Re: [Phpgroupware-developers] phpgw/ck-erp validation against "<..>", Chris Weiss, 2004/08/11

Prev by Date: Re: [Phpgroupware-developers] Visual Template Conflict
Next by Date: Re: [Phpgroupware-developers] phpgw/ck-erp validation against "<..>"
Previous by thread: [Phpgroupware-developers] phpGroupWare.org is back on the air
Next by thread: Re: [Phpgroupware-developers] phpgw/ck-erp validation against "<..>"
Index(es):
- Date
- Thread