mindmup / bootstrap-wysiwyg

Tiny bootstrap-compatible WYSIWYG rich text editor
MIT License
5.56k stars 844 forks

Do you sanitize the strings? #193

Closed Billybobbonnet closed 9 years ago

Billybobbonnet commented 9 years ago

Hello,

Everything is in the title: do you sanitize the strings, or should it be done using a third-party tool?

Keep up the good work,

Cheers

Garito commented 9 years ago

It doesn't make any sense to sanitize on the client side, since a man-in-the-middle attack will bypass this sanitization.

Do it on the server side or, at least, in the hop just before writing your data, where no interference is possible (meaning when the data reaches the final server).
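The server-side step Garito describes, as an added example that is not part of bootstrap-wysiwyg or of this thread: a small allowlist sanitizer written in Node.js that runs in the request handler before the editor's HTML is stored. The tag and attribute allowlist, the `sanitizeHtml`/`storeRichText` names and the sample input are all assumptions made for this example; they are not the project's API.

```javascript
'use strict';

// Added example, not bootstrap-wysiwyg code. Tags and attributes a rich-text
// editor legitimately produces and that we keep (assumed allowlist).
const ALLOWED_TAGS = new Set(['p', 'br', 'b', 'i', 'u', 'strong', 'em', 'ul', 'ol', 'li', 'a']);
const ALLOWED_ATTRS = { a: new Set(['href']) };
// Only these URL schemes may appear in href; anything else (javascript:, data:, ...) is dropped.
const SAFE_HREF = /^(?:https?:|mailto:)/i;

// Escape text so it can never open a tag or break out of an attribute value.
// Existing, well-formed entities are preserved instead of being double-encoded.
function escapeText(text) {
  return text
    .replace(/&(?![a-zA-Z]+;|#\d+;|#x[0-9a-fA-F]+;)/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// Rebuild the attribute list of an allowed tag from scratch: keep only allowed
// attribute names and, for href, only values with a safe scheme.
function sanitizeAttributes(tag, rawAttrs) {
  const allowed = ALLOWED_ATTRS[tag];
  if (!allowed) return '';
  const attrRe = /([a-zA-Z][a-zA-Z0-9-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let result = '';
  let m;
  while ((m = attrRe.exec(rawAttrs)) !== null) {
    const name = m[1].toLowerCase();
    if (!allowed.has(name)) continue;
    // Strip control characters and surrounding whitespace that could hide the scheme.
    const value = (m[2] ?? m[3] ?? m[4] ?? '').replace(/[\u0000-\u001f\u007f]/g, '').trim();
    if (name === 'href' && !SAFE_HREF.test(value)) continue;
    result += ` ${name}="${escapeText(value)}"`;
  }
  return result;
}

// Allowlist sanitizer: tags not in ALLOWED_TAGS are removed (their text content is
// kept, escaped), attributes not explicitly allowed are removed, all text is escaped.
function sanitizeHtml(input) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b([^<>]*?)\/?>/g;
  let out = '';
  let last = 0;
  let m;
  while ((m = tagRe.exec(input)) !== null) {
    out += escapeText(input.slice(last, m.index));
    last = tagRe.lastIndex;
    const closing = m[1] === '/';
    const name = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(name)) continue; // drop the tag itself, keep surrounding text
    if (closing) {
      if (name !== 'br') out += `</${name}>`;
    } else {
      out += `<${name}${sanitizeAttributes(name, m[3])}>`;
    }
  }
  out += escapeText(input.slice(last));
  return out;
}

// The "hop just before writing your data": whatever the browser sent, sanitize here,
// on the server, and persist only the result (hypothetical handler name).
function storeRichText(untrustedHtml) {
  const clean = sanitizeHtml(untrustedHtml);
  // persistence would happen here, e.g. db.save(clean); we just return it
  return clean;
}

// Constructed sample input mimicking what a tampered or bypassed client could submit.
const SAMPLE = '<p>Hi <b>there</b><script>alert(1)</script>'
  + '<a href="javascript:alert(1)" onclick="x()">link</a>'
  + '<a href="https://example.com/?a=1&b=2">ok</a></p>';
console.log(storeRichText(SAMPLE));
```

The sanitizer sits in the request handler, so it is applied no matter what the client did or did not do; a hand-written allowlist like this is fine for illustrating the design, but for a production service a maintained sanitizer library run on the server is the better choice.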

Billybobbonnet commented 9 years ago

Noted. Thanks for answering :)
