Re: [htmltmpl] Suggestion on how to eliminate Cross-site-scripting (XSS) bugs for good.
Brought to you by:
samtregar
Menu
▾
▴
Re: [htmltmpl] Suggestion on how to eliminate Cross-site-scripting (XSS) bugs for good.
|
From: Sam T. <sa...@tr...> - 2006-11-15 21:01:35
|
On Tue, 17 Oct 2006, Tom Heady wrote: > Actually, I found that turning off escaping (ESCAPE="0") does not work > if you specify a default escape. > > See http://rt.cpan.org/Public/Bug/Display.html?id=18274 for more details > and a fix. I'll make sure this gets into the next release. I'm planning to put one out soon. -sam |
