Programming - - By Harry Fuecks

Guess everyone makes mistakes

Gmail accounts ‘wide open to exploit’ through XSS (presumably in the form of an email).

Chris has a good explaination on XSS Self Defence.

While on the subject; was glancing at a PHP book called “PHP 4 Programming for Advanced Web Developers” – you thankfully won’t find in the bookstores (electronic only for a limited online bookstore). Here’s a quote;

You can validate the form data by using client-side scripting languages, such as JavaScript or VBScript, […], or send the form data to a verification script.

That suggests client side validation is good enough (and makes me want to scream). Think there needs to a place to report misinformation as well as application security holes.