Ignore:
Timestamp:
12/07/08 17:13:55 (3 years ago)
Author:
KennethLavrsen
Message:

Item375: Eliminate use of URLPARAM in docs so it becomes an XSS trap
Done with the System web topics now

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/TipsContrib/data/System/TipsTopics.txt

    r1074 r1201  
    77Search (perl regular expression): <input name="searchfor" type="text" value="%URLPARAM{"searchfor" default="Enter search keywords here"}%" size="100" /> 
    88</form> 
    9 %SEARCH{ "%URLPARAM{"searchfor" default="search results go here"}%" topic="*TipTopic*" type="keyword" web="%SYSTEMWEB%, %MAINWEB%" format="     * [[$web.$topic][$pattern(.*?\-\-\-\+([^\n\r]+).*)]]:$n()       $summary(noheader, 100)$n()$percntCALC{$SETM(total, +1)}$percnt"}% 
     9%SEARCH{ "%URLPARAM{"searchfor" encode="quote" default="search results go here"}%" topic="*TipTopic*" type="keyword" web="%SYSTEMWEB%, %USERSWEB%" format="     * [[$web.$topic][$pattern(.*?\-\-\-\+([^\n\r]+).*)]]:$n()       $summary(noheader, 100)$n()$percntCALC{$SETM(total, +1)}$percnt"}% 
    1010 
    1111Total: %CALC{$GET(total)}% tips 
Note: See TracChangeset for help on using the changeset viewer.