Re: [xml-dev] What characters can go into a CDATA section and a comment? (I found inconsistencies)
- From: "Liam R. E. Quin" <liam@fromoldbooks.org>
- To: Peter Flynn <peter@silmaril.ie>, xml-dev@lists.xml.org
- Date: Thu, 24 Mar 2022 10:52:40 -0400
On Thu, 2022-03-24 at 08:28 +0000, Peter Flynn wrote:
>
> CDATA sections are also used by many web developers unsure of exactly
> /what/ a user is going to input, and exactly /when/ in subsequent
> non-XML processes the markup is going to be stripped, so they use it as
> a safety-net of last resort, which often goes wrong;

Yup, this is why CDATA injection attacks are a thing.

Little Bobby Tables now works as a back end developer...
--
Liam Quin, https://www.delightfulcomputing.com/
Available for XML/Document/Information Architecture/XSLT/
XSL/XQuery/Web/Text Processing/A11Y training, work & consulting.
Barefoot Web-slave, antique illustrations: http://www.fromoldbooks.org
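
The failure mode discussed in this message, shown as an added example that is not part of the original post: wrapping untrusted text in a CDATA section stops protecting it as soon as the text contains `]]>`. The function names, the `<comment>` and `<role>` elements and the sample input are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample input: user text that happens to contain the CDATA terminator.
HOSTILE = "nice post]]><role>admin</role><![CDATA[ thanks"


def wrap_naive(text):
    """The 'safety net': assumes nothing inside a CDATA section can become markup."""
    return "<comment><![CDATA[" + text + "]]></comment>"


def wrap_split(text):
    """Keep CDATA, but split every ']]>' across two sections so the
    terminator sequence never appears inside a single section."""
    safe = text.replace("]]>", "]]]]><![CDATA[>")
    return "<comment><![CDATA[" + safe + "]]></comment>"


def wrap_escaped(text):
    """Drop CDATA and escape &, < and > as ordinary character data."""
    return "<comment>" + escape(text) + "</comment>"


def inspect(doc):
    """Parse the document; return (child element names, concatenated text)."""
    root = ET.fromstring(doc)
    return [child.tag for child in root], "".join(root.itertext())


if __name__ == "__main__":
    for wrap in (wrap_naive, wrap_split, wrap_escaped):
        children, text = inspect(wrap(HOSTILE))
        print(f"{wrap.__name__:13} children={children} text={text!r}")
```

With the naive wrapper the parser sees a real `<role>` child element; with either of the other two the input comes back as text, unchanged, and the element has no children.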