At 5:51p -0500 on 14 Nov 2007, A.M. wrote:
> On Nov 14, 2007, at 4:23 PM, Scott Marlowe wrote:
>
>> On Nov 14, 2007 2:40 PM, madhtr <[EMAIL PROTECTED]> wrote:
>>> Quick question, are there any native functions in PostGreSQL 8.1.4
>>> that will strip HTML tags, escape chars, etc?
>>
>> I can't thin
madhtr wrote:
> Quick question, are there any native functions in PostGreSQL 8.1.4 that
> will strip HTML tags, escape chars, etc?
Using an SQL function to circumvent SQL injections probably isn't the wisest
of ideas.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
---
Alvaro Herrera wrote:
> Martin Gainty wrote:
>> this is a very simple html tag strip routine
>> I don't understand what security you had in mind ..
>>
>> so I take it you're not a fan of dojo or GWT?
>
> Let's say the user disables javascript on the browser?
or more easily, an attacker can
On Nov 14, 2007 4:51 PM, A.M. <[EMAIL PROTECTED]> wrote:
>
>
> On Nov 14, 2007, at 4:23 PM, Scott Marlowe wrote:
>
> > On Nov 14, 2007 2:40 PM, madhtr <[EMAIL PROTECTED]> wrote:
> >> Quick question, are there any native functions in PostGreSQL 8.1.4
> >> that will
> >> strip HTML tags, escape chars
Martin Gainty wrote:
> this is a very simple html tag strip routine
> I don't understand what security you had in mind ..
>
> so I take it you're not a fan of dojo or GWT?
Let's say the user disables javascript on the browser?
--
Alvaro Herrera http://www.advogato.org/
gt;; "pgsql-general"
Sent: Wednesday, November 14, 2007 7:21 PM
Subject: Re: [GENERAL] stripping HTML, SQL injections ...
> Martin,
>
> 2000/11/15, Martin Gainty <[EMAIL PROTECTED]>:
> > Scott-
> >
> > In JavaScript
> >
http://www.java2s.com/Tutorial
Martin,
2000/11/15, Martin Gainty <[EMAIL PROTECTED]>:
> Scott-
>
> In JavaScript
> http://www.java2s.com/Tutorial/JavaScript/0520__Regular-Expressions/StripHTML.htm
I don't remember what the consensus was back in 2000 (your mail's
timestamp), but in 2007 it's Not A Good Idea to rely on client
ber 14, 2007 6:16 PM
Subject: Re: [GENERAL] stripping HTML, SQL injections ...
> On Nov 14, 2007 4:51 PM, A.M. <[EMAIL PROTECTED]> wrote:
> >
> >
> > On Nov 14, 2007, at 4:23 PM, Scott Marlowe wrote:
> >
> > > On Nov 14, 2007 2:40 PM, madhtr <[EMAIL
On Nov 14, 2007, at 4:23 PM, Scott Marlowe wrote:
On Nov 14, 2007 2:40 PM, madhtr <[EMAIL PROTECTED]> wrote:
Quick question, are there any native functions in PostGreSQL 8.1.4
that will
strip HTML tags, escape chars, etc?
I can't think of a lot of native functions, but it's sure easy enoug
On Nov 14, 2007 2:40 PM, madhtr <[EMAIL PROTECTED]> wrote:
> Quick question, are there any native functions in PostGreSQL 8.1.4 that will
> strip HTML tags, escape chars, etc?
I can't think of a lot of native functions, but it's sure easy enough
to roll your own with things like the regex function