[dancer-users] Template Toolkit Sort Hash
wanradt at gmail.com
Mon Sep 28 15:00:38 BST 2015
2015-09-28 16:54 GMT+03:00 Shlomi Fish <shlomif at shlomifish.org>:
> Because cross-site scripting (XSS) can be a serious security vulnerability.
> Let's suppose you put a field called "myfield" that was input from the user
> directly into the HTML:
> <td><% myfield %></td>
> Then a malicious user can put something like this in "myfield":
> And this is just the beginning of malicious JS that can be inserted.
> For a cautionary measure, see:
Some template engines treat your variables as potentially dangerous
unless you tell them otherwise. For example, Text::Xslate
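
The difference discussed in this thread, as an added example that is not part of either poster's message: Template Toolkit emits a variable verbatim unless the template applies the `html` filter, while Text::Xslate escapes by default and needs an explicit `mark_raw` to opt out. The sample value for `myfield` is constructed, and the `asp` tag style and `TTerse` syntax are choices made here to stay close to the `<% %>` template quoted above.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Template;                     # Template Toolkit
use Text::Xslate qw(mark_raw);

# Constructed sample value standing in for user-supplied "myfield".
my %vars = ( myfield => '<script>alert(1)</script>' );

# Template Toolkit with the <% %> tag style used in the thread.
my $tt = Template->new( TAG_STYLE => 'asp' )
    or die Template->error;

sub render_tt {
    my ($source) = @_;
    my $out = '';
    $tt->process( \$source, \%vars, \$out ) or die $tt->error;
    return $out;
}

# Text::Xslate escapes HTML by default; TTerse gives it TT-like [% %] syntax.
my $xslate = Text::Xslate->new( syntax => 'TTerse' );

sub render_xslate {
    my ( $source, $value ) = @_;
    return $xslate->render_string( $source, { myfield => $value } );
}

# Same value, four renderings: TT raw, TT filtered, Xslate default, Xslate opt-out.
print "TT, no filter:    ", render_tt('<td><% myfield %></td>'), "\n";
print "TT, html filter:  ", render_tt('<td><% myfield | html %></td>'), "\n";
print "Xslate, default:  ",
    render_xslate( '<td>[% myfield %]</td>', $vars{myfield} ), "\n";
print "Xslate, mark_raw: ",
    render_xslate( '<td>[% myfield %]</td>', mark_raw( $vars{myfield} ) ), "\n";
```

Only the first and last renderings pass the markup through unescaped; in Text::Xslate that requires the deliberate `mark_raw` call, which makes unescaped output easy to find in review.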