RE: word fragment stemming

From: Bill Moseley <moseley(at)not-real.hank.org>
Date: Mon Mar 24 2003 - 18:21:46 GMT
On Thu, 20 Mar 2003, Greg Fenton wrote:

> 
> --- Bill Moseley <moseley@hank.org> wrote:
> > On Thu, 20 Mar 2003, McKenzie, Chuck wrote:
> > 
> > Fork and exec and then you don't have to worry about what characters
> > are entered [...]
> 
> How does this stop a cross-site scripting bug?

You mean how do you prevent someone from entering HTML that ends up being
displayed?  Escape HTML.

The example I posted the other day had this for displaying the query:

   Found [% swish.hits %] hits for <b>[% query | html %]</b>

That's using Template-Toolkit's "html" filter.

Or do you mean something else?





-- 
Bill Moseley moseley@hank.org
Received on Mon Mar 24 18:25:47 2003
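
The two defenses discussed in this message, side by side, as an added example that is not part of the original post or of the swish-e code: the query is handed to a child process with fork and list-form exec so no shell parses it, and it is HTML-escaped only at the point where it is displayed. The helper names, the sample query, and the use of perl itself as a stand-in for the search binary are assumptions made so the script runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape &, <, >, and ", the characters Template-Toolkit's "html" filter converts.
# (Hypothetical helper for this example; in a template you would use the filter.)
sub escape_html {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;    # must run first so later entities are not re-escaped
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    return $text;
}

# Fork, then exec in list form. Each element of @argv reaches the program as
# one argument, so shell metacharacters in user input are never interpreted.
sub run_no_shell {
    my (@argv) = @_;
    my $pid = open(my $out, '-|');    # implicit fork; child's STDOUT is piped to the parent
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        # Indirect-object form of exec never falls back to a shell.
        exec { $argv[0] } @argv or die "exec failed: $!";
    }
    my @lines = <$out>;
    close $out;
    return @lines;
}

# Constructed sample input containing both shell and HTML metacharacters.
my $query = q{stem* ; echo injected <script>alert("x")</script>};

# Stand-in for the search program: perl echoing back its first argument,
# which shows the query arrives intact as a single argv element.
my @result = run_no_shell($^X, '-e', 'print "arg1=[$ARGV[0]]\n"', $query);
print @result;

# Escape at output time, when the query is placed into HTML.
printf "Found %d hits for <b>%s</b>\n", 0, escape_html($query);
```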