Re: [htmltmpl] [PATCH] default_escape
From: Sam T. <sa...@tr...> - 2002-06-22 20:45:13
On Fri, 21 Jun 2002, Tatsuhiko Miyagawa wrote:

> This patch allows you to do
>
>   HTML::Template->new(default_escape => 'HTML');
>
> then your TMPL_VARs will always be HTML-escaped unless you explicitly
> specify ESCAPE=0, which will be a handy guard against Cross Site
> Scripting attacks.

Looks good to me. All it needs now is some documentation. I'll do the
English if you'll do the Japanese.

-sam