Greetings all,
In hts_templates.html, it explains the difference between $(VAR)
["normal"], $%(VAR) ["escaped for use in a URL"] and $&(VAR)
["HTML-escaped"].
a) Why do the hyperlinks in short.html and long.html not use
$%(URL)? From memory, spaces get coded correctly. I assume it
is done explicitly in the code, since "URL" always codes a URL...
Should we put comments to that effect in {short,long}.html, in
case people copy them for use as their own templates?
b) Does the fact that EXCERPT is not HTML-escaped pose a potential
security risk? Punctuation is stripped from EXCERPT, if < and >
are "extra word characters", this could cause problems.
Cheers,
Lachlan
--
[EMAIL PROTECTED]
ht://Dig developer DownUnder (http://www.htdig.org)
-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
ht://Dig Developer mailing list:
[EMAIL PROTECTED]
List information (subscribe/unsubscribe, etc.)
https://lists.sourceforge.net/lists/listinfo/htdig-dev
