lucene-solr-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Solr Wiki] Update of "SolrSecurity" by TomGullo
Date Thu, 18 Nov 2010 14:26:56 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Solr Wiki" for change notification.

The "SolrSecurity" page has been changed by TomGullo.
http://wiki.apache.org/solr/SolrSecurity?action=diff&rev1=20&rev2=21

--------------------------------------------------

  
  Quick XSS tip:
  
- Problem: What if you want the browser to highlight text, but you want to protect yourself
from XSS and escape the HTML output?  
+ Problem: What if you want the browser to highlight text, but you also want to protect yourself
from XSS and escape the HTML output?  
  Solution: One solution is to escape the HTML output and then reapply the em tags.  Now the
rest of the snippet is safe and the browser will recognize the highlighted text.
  
  For example, with groovy/grails you could have the following in your controller:
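
Review bot: The unchanged "Solution:" line says to "reapply the em tags" but does not pin down how narrowly, and the safety of the tip depends on that. Suggest spelling out that the whole snippet is HTML-escaped first and that only the two exact escaped strings, `&lt;em&gt;` and `&lt;/em&gt;`, are turned back into `<em>` and `</em>`. A looser pattern that accepts attributes or other tag names would restore attacker-supplied markup. The claim that "the rest of the snippet is safe" is also only true for output placed in an HTML element body. It would help to say so, since the same escaped string used inside an attribute or script context needs different encoding. Minor: indexed text that already contains a literal `<em>` will be rendered as emphasis after the reapply step. That is harmless, but worth a sentence so readers are not surprised.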
