durusmail: quixote-users: Adding magic to PTL, Or: how to stop worrying about XSS holes
2002-10-01
Nicola Larosa
2002-10-02
>> A definite "Go ahead!" from me, and thanks!
>>
>> "...among other things he avoids clever tricks like the plague."
>>  E. J. Dijkstra, 1972 Turing award lecture (whole quote below)

> Hmm, perhaps the late Dr. Dijkstra does not share your opinion. :-)

I will surely ask him as soon as I have a chance, but I fear (actually, I
hope) it will take a while. ;^)


> I guess the question is: do the magic literals increase the mental load
> on the programmer?

The so-called "magic" actually becomes one of the features of the template,
things that one has to learn anyway.


> I would like to think not since the rule is pretty
> simple (i.e. literal strings become _q_markupclass instances).

It enhances security by relieving a burden from the programmer while at the
same time improving reliability; it looks well worth a little lookup (pun
intended).


--
"The competent programmer is fully aware of the strictly limited size of
his own skull; therefore he approaches the programming task in full humility,
and among other things he avoids clever tricks like the plague."
   E. J. Dijkstra, 1972 Turing award lecture

Nicola Larosa - nico@tekNico.net
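The rule discussed in this thread (string literals in a PTL template become markup-class instances, while every other value is escaped when it is combined with them) as an added illustration in plain Python; this is not Quixote's own `htmltext`/`_q_markupclass` code, and the class and function names are assumptions made for the example.

```python
import html


def _escape(value):
    """Quote anything that is not already trusted markup."""
    if isinstance(value, htmltext):
        return str(value)
    return html.escape(str(value), quote=True)


class htmltext(str):
    """Marks a string as already-safe HTML markup.

    Stand-in (not Quixote's code) for the markup class that PTL wraps
    every string literal in: combining it with ordinary data escapes
    the data, combining it with other markup leaves both untouched.
    """
    __slots__ = ()

    def __add__(self, other):
        return htmltext(str(self) + _escape(other))

    def __radd__(self, other):
        return htmltext(_escape(other) + str(self))

    def __mod__(self, args):
        # Escape every substituted value unless it is already htmltext.
        if isinstance(args, tuple):
            args = tuple(_escape(a) for a in args)
        elif isinstance(args, dict):
            args = {k: _escape(v) for k, v in args.items()}
        else:
            args = _escape(args)
        return htmltext(str(self) % args)


def render_greeting(name):
    """What a one-line PTL template amounts to: literal is markup, name is data."""
    return htmltext('<p>Hello, <b>%s</b>!</p>') % name


def render_list(items):
    """Loop body: each literal is markup, each item is escaped unless marked."""
    out = htmltext('<ul>')
    for item in items:
        out = out + htmltext('<li>') + item + htmltext('</li>')
    return out + htmltext('</ul>')
```

The programmer never calls an escape function by hand; the only way to emit raw markup is to wrap a value in `htmltext` explicitly, which is the one place left to review.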