[Catalyst] Picking template type based on input
Bill Moseley
moseley at hank.org
Fri Mar 26 21:36:05 GMT 2010
>
> A bit OT but:
> Is there any built in XSS protection built in some module in Catalyst?
> I was thinking something like auth tokens one can add to the html only
> known by the server and the loaded page, to protect private data sent
> by JSON. Or isn't that secure enough?
>
You have an example of what you need to protect against?
If you are sending a JSON response to the client it's not really "private"
-- any more than the html response. Guess, I don't understand your
concern.
-- =
Bill Moseley
moseley at hank.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.scsys.co.uk/pipermail/catalyst/attachments/20100326/f1b86=
597/attachment.htm
More information about the Catalyst
mailing list