[development] Video module getting ready for 4.7 release: need help debugging

Gabor Hojtsy gabor at hojtsy.hu
Mon Jun 19 21:14:46 UTC 2006

Earl, Amazon could give you data that contains special HTML chars like < 
or > which would break the display without any hacker getting into your 


On Mon, 19 Jun 2006, Earl Dunovant wrote:

> Serious question: if an attacker has the necessary access to modify the data
> in the table (because that is what it would take to cause a problem) or if
> someone installs a malicious module do I really have any way to stop it?
> On 6/19/06, Dries Buytaert <dries.buytaert at gmail.com> wrote:
>> On 19 Jun 2006, at 18:41, Earl Dunovant wrote:
>>> These fields are coming from the database, and the table is
>>> populated with data from Amazon.com. I prefer scrubbing it on the
>>> way in (admittedly not doing that at the moment because I figured
>>> if you can hijack Amazon.com's servers you're going to get me if
>>> you want to anyway). The fewer places I have to worry about it, the
>>> better.
>> That doesn't work.  People (or modules) could edit or modify the node
>> at any time, and then you'd be toast. :-)
>> --
>> Dries Buytaert  ::  http://www.buytaert.net/

More information about the development mailing list