view tests/blob.ur @ 1710:540df112ff62

Remove string-valued style attribute, which may allow injection attacks
author Adam Chlipala <adam@chlipala.net>
date Sun, 15 Apr 2012 12:40:53 -0400
parents 67ebd30a2283
children
line wrap: on
line source
fun main () =
  setHeader (blessResponseHeader "X-Test") "Test";
  return <xml><body>Test</body></xml>

fun bad () =
   setHeader (blessResponseHeader "X-Test") "Test";
   returnBlob (textBlob "hello") (blessMime "text/plain")