Is layered-escaping that is needed, or can we simply make a new
escape module called, say "HTML_JS"
Alex Kapranoff wrote:
* Philip Tellis <email@example.com> [October 18 2005, 16:02]:
That's why there's only 1 _default_.
Oh well, "Perl is designed to make the easy jobs easy, without making
the hard jobs impossible."
I'd hoped that it was also, "... make impossible jobs pretty hard"
BTW, "double" or "layered" escaping is a very wanted feature.
item.innerHTML = "<strong><TMPL_VAR new_content></strong>";
This var needs first HTML, then JS escaping (in that order) or else
the code is likely just plain insecure. This task is not solved right