F
Fred
I appreciate the potential danger vis-a-vis Cross-Site Scripting in allowing
user input to get to a Response.Write.
Suppose, however, that user input is assigned ONLY to the innerText
attribute of a textarea artifact. If this were the case, would there be any
potential of mischief?
(The reason I'm asking is that I want to allow user input to include
characters that are potentially dangerous ('<', '>', '#', etc.).
Thanks, in advance.
user input to get to a Response.Write.
Suppose, however, that user input is assigned ONLY to the innerText
attribute of a textarea artifact. If this were the case, would there be any
potential of mischief?
(The reason I'm asking is that I want to allow user input to include
characters that are potentially dangerous ('<', '>', '#', etc.).
Thanks, in advance.