Forum OpenACS Development: Re: XSS vulnerability in XoWiki and a lot of other OpenACS pages

Dave, the ad_page_contract confirmation appears somewhat casual in its approach as attacks have become more sophisticated.

Even my previous example in this post is not adequate. The check for the form variables should actually be against the form-submitted data before actual_name is assigned, to prevent some other nasty stuff that I can think about but don't want to post here.

P.S. The check should bypass the rest of the loop if it fails.