Tuesday, October 30, 2012

setHTML example , unsafe ?


I'm reading about XSS attacks and GWT unsafe code.

I've got a method ( client side)

public void print(String message)

And this method is invoked by others methods (client side) on this way:

this.print("<br>This is an error</br>");
this.print("<br>This is another error</br>");

Where is the unsafe code ? How is it possible to inject malicious code ?

Thanks and regards

You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/2sZfZ7LnnPgJ.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.

No comments:

Post a Comment