We use it in places already, but really we want to make sure the unwanted data never gets posted, a custom validator is probably our best.
cheers Peter ----- Original Message ----- From: "Thiago HP" <[EMAIL PROTECTED]> To: "Tapestry users" <users@tapestry.apache.org> Sent: Friday, 23 May, 2008 6:12:02 PM GMT +02:00 Athens, Beirut, Bucharest, Istanbul Subject: Re: Tapestry 5 validation for cross site scripting On 5/23/08, Peter Stavrinides <[EMAIL PROTECTED]> wrote: > The data in our database is shared by other apps, so its integrity is most > important and requires extensive validation... therefore I would have to take > a more > defensive approach and filter out unwanted markup upfront. What about using the Output component with its parameter filter set to true? "If true, the default, then output is filtered, escaping any reserved characters. If false, the output is written raw." http://tapestry.apache.org/tapestry5/tapestry-core/ref/org/apache/tapestry/corelib/components/Output.html -- Thiago --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
