Re: Tapestry 5 validation for cross site scripting

2008-05-25 Thread 9902468
rkup upfront. > > - Original Message - > From: "9902468" <[EMAIL PROTECTED]> > To: users@tapestry.apache.org > Sent: Friday, 23 May, 2008 3:40:20 PM GMT +02:00 Athens, Beirut, > Bucharest, Istanbul > Subject: Re: Tapestry 5 validation for cross site scripting >

Re: Tapestry 5 validation for cross site scripting

2008-05-23 Thread Martin Strand
I wrote a webmail app once, where cross site scripting was a concern for HTML email messages. I parsed the HTML message to a DOM with htmlcleaner, then removed all

Re: Tapestry 5 validation for cross site scripting

2008-05-23 Thread Peter Stavrinides
est, Istanbul Subject: Re: Tapestry 5 validation for cross site scripting Using the "parseClient" event, you could intercept the string submitted by the user and do the filtering before the value is assigned to a page property. You could also design a translator for this purpose. On

Re: Tapestry 5 validation for cross site scripting

2008-05-23 Thread Peter Stavrinides
2008 6:12:02 PM GMT +02:00 Athens, Beirut, Bucharest, Istanbul Subject: Re: Tapestry 5 validation for cross site scripting On 5/23/08, Peter Stavrinides <[EMAIL PROTECTED]> wrote: > The data in our database is shared by other apps, so its integrity is most > important and requires extensiv

Re: Tapestry 5 validation for cross site scripting

2008-05-23 Thread Howard Lewis Ship
Using the "parseClient" event, you could intercept the string submitted by the user and do the filtering before the value is assigned to a page property. You could also design a translator for this purpose.

On Fri, May 23, 2008 at 3:41 AM, Peter Stavrinides <[EMAIL PROTECTED]> wrote:
> Hi All
>

Re: Tapestry 5 validation for cross site scripting

2008-05-23 Thread Thiago HP
On 5/23/08, Peter Stavrinides <[EMAIL PROTECTED]> wrote:
> The data in our database is shared by other apps, so its integrity is most important and requires extensive validation... therefore I would have to take a more defensive approach and filter out unwanted markup upfront.

What about us

Re: Tapestry 5 validation for cross site scripting

2008-05-23 Thread Peter Stavrinides
D]> To: users@tapestry.apache.org Sent: Friday, 23 May, 2008 3:40:20 PM GMT +02:00 Athens, Beirut, Bucharest, Istanbul Subject: Re: Tapestry 5 validation for cross site scripting Hi, we have always done it so that user can input anything they like, but when the page renders some marks like <

Re: Tapestry 5 validation for cross site scripting

2008-05-23 Thread 9902468
specifically for this? > > Thanks > Peter

Tapestry 5 validation for cross site scripting

2008-05-23 Thread Peter Stavrinides
Hi All

Can anyone offer suggestions on best practice for handling validation specifically for preventing cross site scripting and code injection etc. in Tapestry applications? Is there anything built into the framework I could use... if not what is the best way to plug something of my own in. Wh