[ic] cleanliness of session values

Kevin Walsh interchange-users@icdevgroup.org
Mon Nov 18 21:37:00 2002


Jeff Dafoe [jeff@badtz-maru.com] wrote:
> 
> Is it OK to take something from the CGI hash and assign it to the Values
> hash?  I want to confirm that the data in the values hash is considered to
> be tainted user input and that I do not need to perform any sanitization
> prior to assigning user data to it.
> 
"CGI" and "values" can both be tainted by user-supplied CGI values.
If you want to ensure that your data cannot be tainted then use the
scratch space instead.

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin@cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/
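
The trust boundary described in the reply above, as an added example that is not part of the original message and is not Interchange's own code. It is a simplified stand-alone Perl model: the three hashes, the helper names and the field names (`discount_pct`, `zip`) are hypothetical, and it assumes that submitted form fields reach both the CGI and Values stores while only server-side code writes scratch.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Simplified model of one session: three stores with different writers.
my %session = (cgi => {}, values => {}, scratch => {});

# Assumption: every submitted form field lands in "cgi" and is merged into
# "values"; nothing in a request can write "scratch".
sub handle_request {
    my ($s, %form) = @_;
    $s->{cgi} = {%form};
    $s->{values}{$_} = $form{$_} for keys %form;
    return $s;
}

# Server-side code is the only writer of scratch, and it validates first.
sub set_scratch_checked {
    my ($s, $name, $value, $pattern) = @_;
    return 0 unless defined $value && $value =~ $pattern;
    $s->{scratch}{$name} = $value;
    return 1;
}

# Server-side code records the same decision in both stores.
$session{values}{discount_pct}  = 0;
$session{scratch}{discount_pct} = 0;

# Constructed request: the client sends a field the form never offered.
handle_request(\%session, email => 'a@example.com', discount_pct => 90);

printf "values:  discount_pct=%s (client-controlled)\n",
    $session{values}{discount_pct};
printf "scratch: discount_pct=%s (unchanged)\n",
    $session{scratch}{discount_pct};

# Copying CGI to Values only moves data between two untrusted stores;
# promotion to scratch is the point where validation belongs.
for my $zip ('90210', 'abc 123!') {
    my $ok = set_scratch_checked(\%session, 'zip', $zip, qr/\A\d{5}\z/);
    printf "zip %-12s -> %s\n", "'$zip'",
        $ok ? 'stored in scratch' : 'rejected';
}
```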