Robert Hicks wrote:
> You are right *but* the code for that comes from:
>
> <title>[% webpage_title %]</title>
This probably isn't your problem, but all input that goes in your templates should be HTML escaped unless you know it has been earlier. TT makes this very easy:

<title>[% webpage_title | html %]</title>

Not only will this allow your variables to contain things like "&" and "<" without problems, but it will also protect you against XSS attacks.

--
Michael Peters
Developer
Plus Three, LP

##### CGI::Application community mailing list ################
##                                                            ##
##  To unsubscribe, or change your message delivery options,  ##
##  visit:  http://www.erlbaum.net/mailman/listinfo/cgiapp    ##
##                                                            ##
##  Web archive:   http://www.erlbaum.net/pipermail/cgiapp/   ##
##  Wiki:          http://cgiapp.erlbaum.net/                 ##
##                                                            ##
################################################################
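
The difference the `html` filter makes, as an added example that is not part of the original message: a short Perl script that renders the same `<title>` template with and without the filter. It assumes Template Toolkit is installed; the title value is constructed sample input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Constructed sample input: a title that carries markup, as
# user-supplied data might.
my %vars = (
    webpage_title => 'Q&A </title><script>alert(1)</script>',
);

# The same variable rendered without and with TT's html filter.
my %templates = (
    raw      => '<title>[% webpage_title %]</title>',
    filtered => '<title>[% webpage_title | html %]</title>',
);

my $tt = Template->new() or die Template->error();

for my $name (qw(raw filtered)) {
    my $out = '';

    # A scalar reference as the first argument is treated as template text.
    $tt->process(\$templates{$name}, \%vars, \$out) or die $tt->error();

    # If a literal <script tag survives rendering, the browser would parse
    # the variable's content as markup instead of displaying it as text.
    my $verdict = $out =~ /<script/i
        ? 'markup reaches the page'
        : 'markup neutralised';

    printf "%-8s %s\n         -> %s\n", $name, $out, $verdict;
}
```

The filter applies only where it is written, so each variable interpolated into HTML needs its own `| html`.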
