Ticket #6097: 6097.diff

File 6097.diff, 700 bytes (added by simeon, 16 years ago)
  • docs/templates.txt

     
    340340Clearly, user-submitted data shouldn't be trusted blindly and inserted directly
    341341into your Web pages, because a malicious user could use this kind of hole to
    342342do potentially bad things. This type of security exploit is called a
    343 Cross Site Scripting`_ (XSS) attack.
     343`Cross Site Scripting`_ (XSS) attack.
    344344
     345.. _Cross Site Scripting: http://en.wikipedia.org/wiki/Cross-site_scripting
     346
    345347To avoid this problem, you have two options:
    346348
    347349    * One, you can make sure to run each untrusted variable through the
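Review bot: On the added line 343, the reference text "Cross Site Scripting" is written without the hyphen, while the target added at line 345 points at the article named Cross-site_scripting. Consider spelling it `Cross-site scripting`_ to match the usual form of the term. If you do, rename the target to `.. _Cross-site scripting:` in the same change, since reST resolves the reference by matching its text against the target name.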