Ticket #6097: 6097.diff

File 6097.diff, 700 bytes (added by simeon, 10 years ago)
  • docs/templates.txt

    340340Clearly, user-submitted data shouldn't be trusted blindly and inserted directly
    341341into your Web pages, because a malicious user could use this kind of hole to
    342342do potentially bad things. This type of security exploit is called a
    343 Cross Site Scripting`_ (XSS) attack.
     343`Cross Site Scripting`_ (XSS) attack.
     345.. _Cross Site Scripting: http://en.wikipedia.org/wiki/Cross-site_scripting
    345347To avoid this problem, you have two options:
    347349    * One, you can make sure to run each untrusted variable through the
Back to Top