67
edits
WebAppSec/MozSecureWorld: Difference between revisions
→Calendar
| Line 231: | Line 231: | ||
** Only use parametrization, not escaping (it's too weak and inconsistent) | ** Only use parametrization, not escaping (it's too weak and inconsistent) | ||
** No false demo (for safety reasons) | ** No false demo (for safety reasons) | ||
** Demo of them typing in, and spitting out the results, be careful to have html entity encoding (done automatically in django, i.e. {{ userdata }} DON'T DO {{ userdata|safe }} ) | ** Demo of them typing in, and spitting out the results, be careful to have html entity encoding (done automatically in django, i.e.<nowiki> {{ userdata }} DON'T DO {{ userdata|safe }} </nowiki>) | ||
* write up / buttons / css everything so far | * write up / buttons / css everything so far | ||
* make wiki more readable | * make wiki more readable | ||