0 points
fifilura
2y ago
I have some recollection about filters defined by Jinja macros opening up for SQL injections.
fifilura
OP
2y ago
And this would be fine if you could lock down arbitrary input in e.g. dropdowns, but it was still possible to input arbitrary strings even in a dropdown because of the choice of widget.