New Response

You are replying to:

  1. I'm searching for resolutions to the ever-present threat of XSS and have read this post. An additional "booger" is when you have users that want to include angle brackets, especially with financial data or any other where comparison is made. For example, "probably of this aware is < 100%, but >= 80%. Please advise."

    This is a common type of comment made in one of our cost-type applications. Unless the field is HTML, the < conversion won't work - it will take the literal '<' and display.

    Add the dual complexity of storing data and then in a view or elsewhere hyperlinking part of that data for a clickable URL to open it or whatever. I would love to hear what the latest goings on are for this.
