I think I tried it because I couldn't see data being escaped in the DB
- perhaps there is a config setting I have overlooked?

I decided to test it further. Without calling sanitize from a
beforeSave() function within app_model I entered a javascript string
into an input field, just simple script tags and an alert message. I
thought that if this js string was saved to the DB and was executed
when viewed, this would be a 'bad thing'. Is that a reasonable thing to
think?

Without my beforeSave() method, when I saved the data and then viewed it
the alert popped up, i.e. the js was executed. With my beforeSave()
method the js string was converted into entities and not executed. Do
we think that is a fair and reasonable test?

BTW, I just put the pagination helper in place - auto-sort data,
pagination and AJAX support - and it took all of about 10 mins to do. I
was gobsmacked - just fantastic.

ianh


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php
-~----------~----~----~----~------~----~------~--~---
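The test described in the post above, as an added, self-contained example that is not code from the post or from CakePHP: an AppModel-style beforeSave() that entity-encodes every string field before it is written, run against the same probe input (script tags with an alert), next to the same model without the callback. The model and callback shape (an AppModel base class, $this->data holding the submitted fields, beforeSave() returning true to allow the save) mirrors CakePHP 1.x; the encoding step uses PHP's own htmlspecialchars() in place of Cake's Sanitize class so the script runs with plain `php` and no Cake install, and RawAppModel, SanitizingAppModel, save(), wouldExecuteScript() and renderEscaped() are names chosen for this example.

```php
<?php
// Added example (not from the original post or from CakePHP): the
// beforeSave() entity-encoding test from the mailing-list post, written
// so it runs stand-alone under plain PHP.

class RawAppModel
{
    public $data = array();

    // Default callback: touch nothing, allow the save. This is the
    // "without my beforeSave()" case from the post.
    public function beforeSave()
    {
        return true;
    }

    // Stand-in for Model::save(): run the callback and return the
    // field values that would be written to the row (assumption: no
    // real database is involved here).
    public function save(array $data)
    {
        $this->data = $data;
        if (!$this->beforeSave()) {
            return false;   // in Cake a false return aborts the save
        }
        return $this->data;
    }
}

class SanitizingAppModel extends RawAppModel
{
    // Encode every string field before it reaches the database, the
    // effect the post reports from its beforeSave(). htmlspecialchars()
    // stands in for Cake's Sanitize class (assumption of this example).
    public function beforeSave()
    {
        foreach ($this->data as $field => $value) {
            if (is_string($value)) {
                $this->data[$field] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
            }
        }
        return true;
    }
}

// Crude check for the "alert pops up" outcome: if a literal <script
// tag survives into the stored value, a view that echoes the field as-is
// would hand it to the browser to execute.
function wouldExecuteScript($stored)
{
    return stripos($stored, '<script') !== false;
}

// The other half of the picture: escaping at render time, which is what
// Cake's h() shortcut does. Applying this to a value that was already
// encoded on save is where the double-encoding ("&amp;lt;") comes from.
function renderEscaped($stored)
{
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// Constructed probe input, the same shape as the post's test.
$submitted = array('title' => '<script>alert("xss")</script>');

$rawRow       = (new RawAppModel())->save($submitted);
$sanitizedRow = (new SanitizingAppModel())->save($submitted);

echo "Stored without beforeSave(): ", $rawRow['title'], "\n";
echo "  view echoes as-is -> script would run: ",
     wouldExecuteScript($rawRow['title']) ? 'yes' : 'no', "\n";
echo "  view escapes with h()  -> script would run: ",
     wouldExecuteScript(renderEscaped($rawRow['title'])) ? 'yes' : 'no', "\n";

echo "Stored with beforeSave():    ", $sanitizedRow['title'], "\n";
echo "  view echoes as-is -> script would run: ",
     wouldExecuteScript($sanitizedRow['title']) ? 'yes' : 'no', "\n";
echo "  view escapes with h()  -> stored text becomes: ",
     renderEscaped($sanitizedRow['title']), "\n";
```

Run with `php example.php`. The two model classes reproduce the post's before/after result; the last line shows the trade-off a practitioner will want to watch for when encoding on save: a view that also escapes on output will render the entities themselves (`&amp;lt;script&amp;gt;...`) rather than the text the user typed, so pick one layer (input or output) as the place that owns the encoding and keep the other consistent with it.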
