Changing to text() should avoid this XSS behavior. The other thing it avoids is
any HTML tag.
I don't know if this will cause problems with WYSIWYG editors working
together with your plugin.
On Thu, Nov 20, 2008 at 15:20, Rik Lomas <[EMAIL PROTECTED]> wrote:
>
> Thanks Leonardo
>
> On a different f
Thanks Leonardo
On a different forum, it was mentioned that a user could XSS by
entering alert('hello'); into
a field. Should I set the default to text() instead of html() to get
around this or should I try and filter out any script tags?
Rik
2008/11/20 Leonardo K <[EMAIL PROTECTED]>:
> Intere
Interesting idea. Great plugin
On Thu, Nov 20, 2008 at 08:29, <[EMAIL PROTECTED]> wrote:
>
> Hi guys,
>
> I've just finished my new plug-in called magicpreview:
>
> http://rikrikrik.com/jquery/magicpreview/
>
> It's for use in forms and it automagically updates selected elements
> on your page ba
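
The choice discussed in this thread (html(), text(), or filtering out script tags) is shown below as an added example; it is not code from the thread or from the magicpreview plugin. It models the three options as string functions in plain Node.js and reports which of them still let a field value create elements in the preview. The function names and sample values are constructed for illustration.

```javascript
// Added example (not magicpreview's code). Plain Node.js, no DOM needed.

// What .html(value) does with the field value: the string is parsed as markup as-is.
function previewWithHtml(value) {
  return value;
}

// Model of .text(value): the value becomes a text node, so when the element is
// serialized the characters &, < and > appear as entities, never as tags.
function previewWithText(value) {
  return value
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Hypothetical "filter out script tags" alternative: drop <script>...</script>
// blocks, then hand whatever is left to .html().
function previewWithScriptFilter(value) {
  return previewWithHtml(value.replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, ""));
}

// True if the resulting markup would still create elements in the page.
function createsElements(markup) {
  return /<[a-zA-Z]/.test(markup);
}

// Constructed sample field values.
const samples = {
  plain: "Tom & Jerry",
  script: "<script>alert('hello');</script>",
  otherTag: '<h1 style="color:red">not what the form owner intended</h1>',
};

// For each sample, record whether each option lets the value create elements.
function report() {
  const rows = {};
  for (const [name, value] of Object.entries(samples)) {
    rows[name] = {
      html: createsElements(previewWithHtml(value)),
      scriptFilter: createsElements(previewWithScriptFilter(value)),
      text: createsElements(previewWithText(value)),
    };
  }
  return rows;
}

console.table(report());
```

The script filter removes only the one tag it knows about, so any other tag still reaches the page, while the text() model leaves nothing that parses as an element. That same property is why text() would also neutralise markup coming from a WYSIWYG editor.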