help: Problem with cgi form
Jon Ribbens
jon+usenet at unequivocal.co.uk
Mon Feb 25 18:03:35 EST 2002
More information about the Python-list mailing list
Mon Feb 25 18:03:35 EST 2002
- Previous message (by thread): help: Problem with cgi form
- Next message (by thread): help: Problem with cgi form
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In article <3C7AAF31.8040201 at mxm.dk>, Max M wrote: > And then print it to the form like: > > print '<INPUT TYPE=HIDDEN NAME= "last_pos" VALUE='%s'>' % last_byte_pos Beware that, in general, that is a bug. You are open to Cross Site Scripting attacks. Even in the absence of these, if the value happens to contain characters significant to HTML (such as '"', '&', '>', etc) then your program will go wrong.
- Previous message (by thread): help: Problem with cgi form
- Next message (by thread): help: Problem with cgi form
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list