Hi,

I’ve have a security question concerning the userapp.

In the detail portlet, we wanted to give our user to ability to change
some attributes, like tel number ...etc (with “edit your information”)
Now if someone enters something like </script> (which only messes the
interface up) or

-"; function MsgBox (textstring) { alert (textstring) } MsgBox("Stop
looking at my profile!!") ;"
-
This will be executed, if another user or he watches his profile.

Now is there a way to filter the input or am I missing something here
?

Kind Regards,
Gilles


--
nickleloup
------------------------------------------------------------------------
nickleloup's Profile: http://forums.novell.com/member.php?userid=9525
View this thread: http://forums.novell.com/showthread.php?t=332033