Re: [ANN] lua-users.org alternative wiki demo

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: [ANN] lua-users.org alternative wiki demo
From: Petite Abeille <petite_abeille@...>
Date: Wed, 20 Feb 2008 18:44:03 +0100


On Feb 20, 2008, at 10:40 AM, Paul Moore wrote:

So HTML markup is passed through unchanged? Surely that's fairly
insecure? It wouldn't be hard for a hacker to work out some sort of
<script></script> block that would do something nasty...

Hmm... yes... on the other hand... a wiki is under much more scrutinythat your average blog comment... so such nastiness would not lastlong...


One could disable free form HTML quiet easily:

aText = aText:gsub( '(<.*>)', '`%1`' )

That would escape any HTML automatically... not sure if one would liketo put such a restriction though... something to ponder :)


Cheers,

PA.

References:
- [ANN] lua-users.org alternative wiki demo, Petite Abeille
- Re: [ANN] lua-users.org alternative wiki demo, Petite Abeille
- Re: [ANN] lua-users.org alternative wiki demo, Paul Moore

Prev by Date: Re: Implicit Globals - A compile time solution.
Next by Date: Re: MIME Mail parsing
Previous by thread: Re: [ANN] lua-users.org alternative wiki demo
Next by thread: lua-gtk 0.8 released
Index(es):
- Date
- Thread