Re: Turn off HTML encoding

2013-11-29 Thread Thiago H de Paula Figueiredo
On Fri, 29 Nov 2013 06:37:48 -0200, Nathan Quirynen wrote:
What Tapestry now does for encoding is following if I'm right: in *org.apache.tapestry5.dom.MarkupModel.encode(String)* it encodes only *<*, *>* and *&* which is not enough following OWASP XSS Prevention Sheet

Re: Turn off HTML encoding

2013-11-29 Thread Nathan Quirynen
What Tapestry now does for encoding is following if I'm right: in *org.apache.tapestry5.dom.MarkupModel.encode(String)* it encodes only *<*, *>* and *&* which is not enough following OWASP XSS Prevention Sheet

Re: Turn off HTML encoding

2013-11-15 Thread Bob Harner
Sounds like you need to use the OutputRaw component
On Nov 15, 2013 3:18 AM, "Nathan Quirynen" wrote:
> Hi,
>
> Tapestry automatically encodes HTML like < to &lt;, which is nice as a
> part of XSS prevention. But we also have some own javascript components
> where this doesn't happen automatically

Turn off HTML encoding

2013-11-15 Thread Nathan Quirynen
Hi, Tapestry automatically encodes HTML like < to &lt;, which is nice as a part of XSS prevention. But we also have some own javascript components where this doesn't happen automatically (JSON data). Is it possible to disable this encoding, so I can just do the encoding myself at the moment of data