Does Dreamweaver 8 help prevent XSS - cross site scripting
Posted on 2006-05-07
Does Dreamweaver 8 help prevent XSS or is some additional coding of the input required?
My take on this from the code is...
It checks for ' when constructing the INSERT, DELETE etc but I also see that it reads Request.Form which is the last and direct input from the user (uncleaned)...
' create the MM_fields and MM_columns arrays
MM_fields = Split(MM_fieldsStr, "|")
MM_columns = Split(MM_columnsStr, "|")
' set the form values
For MM_i = LBound(MM_fields) To UBound(MM_fields) Step 2
MM_fields(MM_i+1) = CStr(Request.Form(MM_fields(MM_i))) <---- the request.form line in standard DW constuct
Any ideas.... am I missing something?