Michael Peters wrote:
> Robert Hicks wrote:
>> You are right *but* the code for that comes from:
>>
>> <title>[% webpage_title %]</title>
>
> This probably isn't your problem, but all input that goes in your templates
> should be HTML escaped unless you know it has been earlier. TT makes this very
> easy:
>
>   <title>[% webpage_title | html %]</title>
>
> Not only will this allow your variables to contain things like "&" and "<"
> without problems, but it will also protect you against XSS attacks.


Thanks for the tip!

Robert


#####  CGI::Application community mailing list  ################
##                                                            ##
##  To unsubscribe, or change your message delivery options,  ##
##  visit:  http://www.erlbaum.net/mailman/listinfo/cgiapp    ##
##                                                            ##
##  Web archive:   http://www.erlbaum.net/pipermail/cgiapp/   ##
##  Wiki:          http://cgiapp.erlbaum.net/                 ##
##                                                            ##
################################################################
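The two templates from the thread, rendered side by side with Template Toolkit so the effect of the "html" filter is visible. This is an added example, not code posted by Michael or Robert; "webpage_title" is the variable name from the thread, and the sample title string (containing a script tag and an ampersand, as user-supplied input might) is constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example, not from the original thread. Requires Template Toolkit
# (the Template module from CPAN).
use strict;
use warnings;
use Template;

my $tt = Template->new() or die Template->error();

# Constructed sample: a title as it might arrive from a query parameter.
# It contains markup, quotes and an ampersand.
my $webpage_title = q{Results for "<script>alert(1)</script>" & more};

# Render a template string against a hash of variables and return the
# output instead of printing it, so both variants can be compared.
sub render {
    my ($template, $vars) = @_;
    my $output;
    $tt->process(\$template, $vars, \$output) or die $tt->error();
    return $output;
}

my $vars = { webpage_title => $webpage_title };

# Unescaped: the raw string is copied into the document, so the browser
# sees a real <script> element inside the title.
my $unsafe = render('<title>[% webpage_title %]</title>', $vars);

# Escaped: the html filter replaces &, <, > and " with entities, so the
# same string is displayed as text rather than parsed as markup.
my $safe = render('<title>[% webpage_title | html %]</title>', $vars);

print "unsafe: $unsafe\n";
print "safe:   $safe\n";
```

The "html" filter is the right tool for text and quoted attribute values in HTML. A value that ends up inside a URL or a script block needs context-appropriate escaping instead (TT ships a "uri" filter for URL components); applying "html" there does not make it safe.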