For ajax queries
On May 25, 4:58 pm, Anthony <abasta...@gmail.com> wrote:
> By default, web2py already escapes all variables rendered in views to
> prevent XSS -- what additional protection does this provide?
>
>
>
>
>
>
>
> On Wednesday, May 25, 2011 10:32:30 AM UTC-4, Alexandre Strzelewicz wrote:
> > It could be a good idea to add a decorator to escape all requested
> > variables to avoid xss no ?
>
> > Actually I do :
>
> > In controller :
>
> > xss = local_import('xss')
>
> > def new_widget():
> > can_modify()
> > # Xss
> > prevention
> > for req in request.vars:
> > request.vars[req] = xss.xssescape(request.vars[req])
> > [...]
>
> > In modules/xss.py :
>
> >http://pastie.org/1971510
