As long as you're allowed to write your own code, nothing is safe, but one thing web2py does to help protect against XSS attacks is to automatically escape all content inserted in views.
Anthony On Thursday, May 12, 2016 at 4:14:00 PM UTC-4, Steve Joe wrote: > > how? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
