From noreply at atlassian.com Fri Jun 10 12:54:25 2011
Content-Type: multipart/mixed; boundary="===============5411878578777090418=="
MIME-Version: 1.0
From: George Gastaldi (JIRA) <noreply at atlassian.com>
To: hibernate-issues at lists.jboss.org
Subject: [hibernate-issues] [Hibernate-JIRA] Commented: (HV-490) Create
 @WebSafe annotation
Date: Fri, 10 Jun 2011 11:54:24 -0500
Message-ID: <256928674.3747.1307724864991.JavaMail.j2ee-opensource-projects@vps07.contegix.com>
In-Reply-To: 550285721.3742.1307718204991.JavaMail.j2ee-opensource-projects@vps07.contegix.com

--===============5411878578777090418==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable


    [ http://opensource.atlassian.com/projects/hibernate/browse/HV-490?page=
=3Dcom.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focused=
CommentId=3D42566#action_42566 ] =


George Gastaldi commented on HV-490:
------------------------------------

Git pull request created: https://github.com/hibernate/hibernate-validator/=
pull/61

> Create @WebSafe annotation
> --------------------------
>
>                 Key: HV-490
>                 URL: http://opensource.atlassian.com/projects/hibernate/b=
rowse/HV-490
>             Project: Hibernate Validator
>          Issue Type: Improvement
>            Reporter: George Gastaldi
>
> According to Shane Brizak statement on seam-dev list:
> {quote}
> Hi Gunnar,
> I had an idea today for a new validation constraint called @WebSafe - in =

> summary what it would do is validate a rich text value provided by the =

> user to ensure that it contains no malicious code, such as embedded =

> <script> elements.  The implementation for this would use JTidy to =

> convert the value to a DOM tree, after which it would walk the nodes of =

> the tree and locate any <script> tags, and if any are present the =

> validation would fail.
> Anyway, the implementation isn't so important - what I was wondering =

> though is whether you think something like this would be useful to have =

> in the Seam Validation module.  I tend to think that it would be (and we =

> can probably come up with quite a few other useful validation =

> constraints also) but I would like to know what you think about this.
> Shane
> {quote}

-- =

This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: htt=
p://opensource.atlassian.com/projects/hibernate/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       =20

--===============5411878578777090418==--