Re: [htmltmpl] option to turn ESCAPE=HTML on by default
Brought to you by:
samtregar
Menu
▾
▴
Re: [htmltmpl] option to turn ESCAPE=HTML on by default
|
From: Paul B. <pb...@wh...> - 2005-10-14 16:51:39
|
On Oct 14, 2005, at 9:37 AM, Mark Stosberg wrote:
> I'm curious about what other people think about an option to
> turn ESCAPE=3DHTML on default, to protect against cross script =
scripting
> practices by default.
OMG YES!! 95% of all my vars have ESCAPE=3DHTML on them. Making this the=20=
default would take away a lot of extra typing. But to turn it off for=20
the 5% I don't need escaped, ESCAPE=3D0 or ESCAPE=3DNONE or ESCAPE=3DNO =
would=20
be better.
--=20
Paul Baker
"Yes, we did produce a near-perfect republic. But will they keep it? Or=20=
will they, in the enjoyment of plenty, lose the memory of freedom?=94
-- Thomas Jefferson in a letter to John Adams
GPG Key: http://homepage.mac.com/pauljbaker/public.asc
|
