I've looked on the htdig archive and not found an answer to
this... and I'm generally fairly good at finding things. I
am, however, too pressed for time to read the source.
Does ht://Dig filter the text returned by $&(LOGICAL_WORDS) ?
I have in mind a number of possible evil exploits of echoing
this in a page (though I don't have or want the skills to
in this instance, editor of
> Does ht://Dig filter the text returned by $&(LOGICAL_WORDS) ?
> I have in mind a number of possible evil exploits of echoing
> this in a page (though I don't have or want the skills to
> implement them).
LOGICAL_WORDS is built up from the search query, so it's completely
filtered. At one point, there were problems with WORDS because it
essentially came from the search query.
Also remember that the $&(VAR) syntax will HTML-escape everything, so
things like <script> won't become markup tags, but rather &lt;script&gt;.
Hope that answers your question,
Williams Students Online
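
The escaping behaviour described in the reply above, as an added example that is not part of the original thread and is not ht://Dig's own code. It is a simplified model of template expansion in which $(VAR) inserts a value verbatim and $&(VAR) inserts it HTML-escaped; the function names and the sample WORDS value are constructed for illustration.

```cpp
#include <cstddef>
#include <map>
#include <string>

// Escape the characters that are significant in HTML text and attribute values.
std::string html_escape(const std::string &in) {
    std::string out;
    for (char c : in) {
        switch (c) {
            case '&': out += "&amp;"; break;
            case '<': out += "&lt;"; break;
            case '>': out += "&gt;"; break;
            case '"': out += "&quot;"; break;
            default:  out += c;
        }
    }
    return out;
}

// Expand $(NAME) verbatim and $&(NAME) HTML-escaped; unknown names expand to "".
// Simplified model of the template syntax, not ht://Dig's parser.
std::string expand(const std::string &tmpl,
                   const std::map<std::string, std::string> &vars) {
    std::string out;
    std::size_t i = 0;
    while (i < tmpl.size()) {
        if (tmpl[i] != '$') { out += tmpl[i++]; continue; }
        std::size_t j = i + 1;
        bool escape = (j < tmpl.size() && tmpl[j] == '&');
        if (escape) ++j;
        std::size_t close = (j < tmpl.size() && tmpl[j] == '(')
                                ? tmpl.find(')', j) : std::string::npos;
        // A '$' that does not start a complete reference is copied as-is.
        if (close == std::string::npos) { out += tmpl[i++]; continue; }
        auto it = vars.find(tmpl.substr(j + 1, close - j - 1));
        std::string value = (it == vars.end()) ? "" : it->second;
        out += escape ? html_escape(value) : value;
        i = close + 1;
    }
    return out;
}

// Constructed sample: a value taken straight from a search query that contains markup.
const std::map<std::string, std::string> kVars = {
    {"WORDS", "cats <script> \"dogs\""}};

std::string render_escaped() { return expand("<b>Results for $&(WORDS)</b>", kVars); }
std::string render_raw()     { return expand("<b>Results for $(WORDS)</b>", kVars); }
```

Only the $&(WORDS) form keeps the query from being parsed as markup; the verbatim form passes the tag through unchanged, so a template that echoes query-derived text should use the escaped form.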