From sbryzak at redhat.com Fri Jun 10 04:02:10 2011
Content-Type: multipart/mixed; boundary="===============8024740731720026657=="
MIME-Version: 1.0
From: Shane Bryzak <sbryzak at redhat.com>
To: seam-dev at lists.jboss.org
Subject: [seam-dev] Extended validation constraints
Date: Fri, 10 Jun 2011 18:02:05 +1000
Message-ID: <4DF1CF7D.9020001@redhat.com>

--===============8024740731720026657==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Hi Gunnar,

I had an idea today for a new validation constraint called @WebSafe - in =

summary what it would do is validate a rich text value provided by the =

user to ensure that it contains no malicious code, such as embedded =

<script> elements.  The implementation for this would use JTidy to =

convert the value to a DOM tree, after which it would walk the nodes of =

the tree and locate any <script> tags, and if any are present the =

validation would fail.

Anyway, the implementation isn't so important - what I was wondering =

though is whether you think something like this would be useful to have =

in the Seam Validation module.  I tend to think that it would be (and we =

can probably come up with quite a few other useful validation =

constraints also) but I would like to know what you think about this.

Shane

--===============8024740731720026657==--