On 2004-01-09, Mark Stosberg <[EMAIL PROTECTED]> wrote: > On 2004-01-09, petersm <[EMAIL PROTECTED]> wrote: >> Mark Stosberg <[EMAIL PROTECTED]> wrote >>> That last bug report prodded me to check the CPAN bug system for any >>> other open CGI::App bugs. I found one that could still use attention. >>> It suggests approving the dump_html() method to properly HTML-escape >>> output. Seems reasonable to me. >>> >>> Any volunteers to write the code and tests for this? >>> Full details are here: >>> http://rt.cpan.org/NoAuth/Bug.html?id=1926
The solution here involved using CGI.pm's escapeHTML function, a logical choice. Just as a head's up, this is one more thing we are depending on the CGI object to provide. So, if someone is using a CGI.pm alternative and wants to use the dump_html() method, their object will need to supply this method as well. If that's perceived to be an issue, we could use an alternate solution. Personally, I don't mind this additional dependency. Mark --------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2 To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]