Re: [htmltmpl] [PATCH] default_escape
From: Tatsuhiko M. <miy...@ed...> - 2002-06-24 03:56:41
At Sat, 22 Jun 2002 15:56:12 -0400 (EDT), Sam Tregar wrote:
> > This patch allows you to do
> >
> >   HTML::Template->new(default_escape => 'HTML');
> >
> > then your TMPL_VARs will always be HTML-escaped unless you explicitly
> > specify ESCAPE=0, which will be a handy guard against Cross Site
> > Scripting attacks.
>
> Looks good to me. All it needs now is some documentation. I'll do the
> English if you'll do the Japanese.

Surely, will do ;-)

-- 
Tatsuhiko Miyagawa <miy...@ed...>
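
The behaviour described in the quoted patch announcement, shown as an added example that is not part of the original message or of the patch. It assumes an HTML::Template release that includes the `default_escape` option; the template text, variable names and values are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Template;

# Constructed template: two variables with no ESCAPE attribute and one
# variable that explicitly opts out with ESCAPE=0.
my $src = <<'TMPL';
<p>Hello, <TMPL_VAR NAME=name></p>
<p>Comment: <TMPL_VAR NAME=comment></p>
<div><TMPL_VAR NAME=trusted_markup ESCAPE=0></div>
TMPL

# Constructed values. "name" and "comment" stand in for untrusted request
# data; "trusted_markup" stands in for HTML the application built itself.
my %values = (
    name           => 'Tom & "Jerry"',
    comment        => '<b>bold</b> text',
    trusted_markup => '<em>generated by the application</em>',
);

# Render the same template and values with whatever constructor options
# the caller passes, so the two configurations can be compared directly.
sub render {
    my (%opts) = @_;
    my $t = HTML::Template->new(scalarref => \$src, %opts);
    $t->param(%values);
    return $t->output;
}

# Without the option, markup in "name" and "comment" reaches the page as-is.
print "--- without default_escape ---\n", render();

# With the option, both are HTML-escaped; only the ESCAPE=0 variable
# still passes through unchanged.
print "--- default_escape => 'HTML' ---\n",
    render(default_escape => 'HTML');
```

With `default_escape` set, the `ESCAPE=0` occurrences in a template set are the complete list of places where raw markup can still reach the page, which makes them the lines to review.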