2015-09-28 8:54 GMT-05:00 Shlomi Fish <shlomif@shlomifish.org>:
Hi Richard,

replying to the list. Please reply to the list next time - see the last line of
my signature.



Sorry, meant to reply to the list.
 

> > >  <div class="well" style="max-height: 300px;overflow: auto;">
> > >                 <ul class="list-group fancy-list-items">    <!-- <ul
> > > class="list-group checked-list-box"> -->
> > >              <table style="width:100%">
> > >                <% FOREACH Pat IN Pats.values.sort('SNAME') -%>
> > >                 <tr class="list-group-item">
> > >                   <td width="25"><% Pat.ID %>
> > >                   <td width="70"><% Pat.SNAME %>
> > >                   <td width="75"><% Pat.ANAME %>
> > >                   <td width="35"><% Pat.SSN %>
> > >                   <td width="35"><% Pat.YR %>
> > >                   <td width="250"><% Pat.CHNAME %>
> > >                   <td width="550"><% Pat.DESCRIP %>
> >
> > 1. You're missing the closing tag - "</td>".
> >
>
>    Thanks for pointing out.  Can't believe I missed that.
>

You're welcome. Are you validating your output? Do you have automated tests to
do it for you?

Validation is a work in progress for me. Trying to find an elegant way to take it out of my Dancer app but that's another story. In this particular case -- the case above -- all of the data is coming from a table via $sth->fetchall_hashref('ID'). Is there still such a vulnerability if it's not user input?
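
An added example, not part of the thread or of anyone's application code: it renders a cut-down version of the quoted loop twice, once as written and once with Template Toolkit's built-in `html` filter, to show that the template emits whatever the row contains regardless of where the row came from. It assumes the vulnerability under discussion is unescaped template output; the sample rows are constructed and only stand in for the shape `$sth->fetchall_hashref('ID')` returns.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Template;

# Constructed rows in the shape $sth->fetchall_hashref('ID') returns.
# Row 2 holds text that happens to contain HTML metacharacters.
my %pats = (
    1 => { ID => 1, SNAME => 'Adams', DESCRIP => 'plain text' },
    2 => { ID => 2, SNAME => 'Baker', DESCRIP => '</td><b>markup</b> & "quotes"' },
);

# Dancer-style <% %> tags, as in the template quoted above.
my $tt = Template->new({ START_TAG => '<%', END_TAG => '%>' })
    or die Template->error;

# The quoted loop reduced to two columns, with the closing </td> tags in place.
my $raw = <<'TT';
<% FOREACH Pat IN Pats.values.sort('SNAME') -%>
<tr><td><% Pat.ID %></td><td><% Pat.DESCRIP %></td></tr>
<% END -%>
TT

# Same loop with the html filter applied to the free-text column.
(my $escaped = $raw) =~ s/Pat\.DESCRIP/Pat.DESCRIP | html/;

for my $case ([ raw => $raw ], [ escaped => $escaped ]) {
    my ($label, $src) = @$case;
    my $out = '';
    # process() takes the template as a scalar ref and appends to $out.
    $tt->process(\$src, { Pats => \%pats }, \$out) or die $tt->error;
    print "--- $label ---\n$out";
}
```

In the raw run the second row's `</td>` and `<b>` reach the page as markup; in the escaped run they arrive as `&lt;/td&gt;` and `&lt;b&gt;`, so the cell shows the stored text instead of altering the table.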