[pLog-svn] Lifetype 1.2.8 ...
Mark Wu
markplace at gmail.com
Mon May 5 01:00:45 EDT 2008
> Can you post an example? I am still not getting how
> the server-side is involved. I understand that if I put
> javascript on the admin's site, the javascript would have
> access to stuff, but the browser is supposed to block
> javascript from grabbing stuff from one site and posting it
> to another, right? So, somehow he grabs stuff via
> javascript, posts it to admin.php which then posts stuff to
> another site?
I have no idea either. Reto, if you can provide an example here, that will be
very helpful.
> Sure, that's fine, but as far as I can tell, all inputs
> would be susceptible to the same problem, so fixing one
> variable isn't really a fix.
Not "all" inputs, just those inputs for which we use the string validator and
which are not filtered by htmlfilter (strip tags) or are displayed without
escaping HTML special characters ...
I think quite few ..
Mark