Re: [htmltmpl] option to turn ESCAPE=HTML on by default
From: Alex K. <ka...@ra...> - 2005-10-18 12:25:50
* Philip Tellis <phi...@gm...> [October 18 2005, 16:02]:
> >s/pretty hard/impossible/;
> >That's why there's only 1 _default_.
>
> Oh well, "Perl is designed to make the easy jobs easy, without making
> the hard jobs impossible."
>
> I'd hoped that it was also, "... make impossible jobs pretty hard"

BTW, "double" or "layered" escaping is a very wanted feature. See:

======
<script>
item.innerHTML = "<strong><TMPL_VAR new_content></strong>";
</script>
======

This var needs first HTML, then JS escaping (in that order) or else
the code is likely just plain insecure. This task is not solved
right now.

--
Alex Kapranoff,
$n=["1another7Perl213Just3hacker49"=~/\d|\D*/g];
$$n[0]={grep/\d/,@$n};print"@$n{1..4}\n"
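
The layered escaping described in the message above, as an added example that is not part of the original thread or of HTML::Template: a value is HTML-escaped, then escaped for a JS string literal, and the result is compared with the reversed order. All function names and the sample value are hypothetical and constructed for illustration; the literal is decoded with JSON.parse to stand in for what the script engine would hand to innerHTML.

```javascript
// Added example: layered escaping for a value placed in a JS string literal
// that is later assigned to innerHTML. All names here are hypothetical.

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Layer 1: neutralise markup for the HTML parser that innerHTML invokes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Layer 2: make the text safe inside a quoted JS string in a <script> block.
// Every risky character becomes a \uXXXX escape.
function escapeJsString(s) {
  return String(s).replace(/[\\"'<>&\u0000-\u001f\u2028\u2029]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Order from the message: HTML first, then JS.
function escapeForInnerHtmlLiteral(value) {
  return escapeJsString(escapeHtml(value));
}

// Reversed order, kept only to show how it fails with these two escapers.
function escapeReversed(value) {
  return escapeHtml(escapeJsString(value));
}

// The string the script engine would pass to innerHTML after evaluating the
// literal. The escapers above emit only JSON-compatible escapes.
function evaluateLiteral(lit) {
  return JSON.parse('"' + lit + '"');
}

// Renders the template from the message with the value escaped in both layers.
function renderScript(newContent) {
  return '<script>\nitem.innerHTML = "<strong>' +
    escapeForInnerHtmlLiteral(newContent) + '</strong>";\n</script>';
}

// Constructed sample value: markup, quotes, a backslash and a newline.
const SAMPLE = 'a <em>"b"</em> \\ \n c';
console.log(renderScript(SAMPLE));
console.log('reversed order reaches innerHTML as:',
  evaluateLiteral(escapeReversed('<em>x</em>')));
```

With the reversed order, the JS layer hides `<` and `>` as `\u003c` and `\u003e`, the HTML layer then finds nothing to escape, and the script engine decodes them back to raw markup before innerHTML parses the string.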