Escaping of user input #1

Open
wants to merge 4 commits into
base: master
@lefloh lefloh commented Feb 18, 2016

Hello,

I think this tutorial should show best practices and should not be prone to XSS. This PR escapes user input via ${mvc.encoders.html(input)}. Therefore I upgraded Ozark to 1.0.0-m02.

best regards
Flo

@mscharhag
Owner

Hi lefloh,

thanks for your pull request. You are right that the examples should not be prone to XSS.
I will look into this but please note that this may take some time (I probably need to update some blog posts related to the examples).

Cheers
