On Sun, 11 Feb 2018 00:45:13 +0100 Lutz Gehlen <lrg...@gmx.net> wrote:
> On Saturday, 10.02.2018 09:16:52 Hermann Calabria wrote:
> > Why not use TT’s native FILTER capability:
> >
> > <% somehtml FILTER html %>
>
> The reason is that the application has many templates with many
> output sections that need to be filtered. To add the html filter to
> each of these places would be both cumbersome and error-prone.

Agreed. Having taken the FILTER approach until now, I have come to the conclusion that some will always be missed at some point in the application's development, leading to potential XSS vulnerabilities.

Andy
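
An added example, not part of the thread and not Dancer or Template Toolkit code: a heuristic Perl audit that lists `<% ... %>` output directives with no trailing `html` filter, the omission described above. The `unfiltered_outputs` name, the keyword list used to skip non-output directives, and the sample template are assumptions made for this example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Assumption: Dancer's default Template Toolkit tag style, <% ... %>.
my $TAG = qr/<%[-+=~]?\s*(.*?)\s*[-+=~]?%>/s;

# Directives that control flow or structure instead of printing a value.
my %KEYWORD = map { $_ => 1 } qw(
    IF UNLESS ELSIF ELSE FOREACH FOR WHILE SWITCH CASE END SET DEFAULT CALL
    BLOCK MACRO USE FILTER WRAPPER TRY CATCH FINAL NEXT LAST RETURN STOP
    META TAGS INCLUDE PROCESS INSERT THROW CLEAR
);

# Return one { line, directive } hash per output directive without "html".
# Heuristic: output inside a <% FILTER html %> ... <% END %> block is still
# reported, so review findings by hand.
sub unfiltered_outputs {
    my ($source) = @_;
    my @findings;
    while ($source =~ /$TAG/g) {
        my $body   = $1;
        my $prefix = substr($source, 0, $-[0]);
        my $line   = 1 + ($prefix =~ tr/\n//);
        next if $body eq '' || $body =~ /^#/;        # empty tag or comment
        $body =~ s/^GET\s+//;                        # explicit output form
        my ($first) = $body =~ /^(\w+)/;
        next if defined $first && $KEYWORD{$first};
        next if $body =~ /^[\w.]+\s*=(?!=)/;         # assignment, no output
        next if $body =~ /(?:\||\bFILTER\b)\s*html\s*$/;
        push @findings, { line => $line, directive => $body };
    }
    return @findings;
}

# Constructed sample template; pass real template paths as arguments instead.
my $sample = <<'TT';
<h1><% title | html %></h1>
<% IF user %><p>Welcome, <% user.name %></p><% END %>
<% somehtml FILTER html %>
<a href="/u/<% user.id %>">profile</a>
TT

for my $in (@ARGV ? @ARGV : (\$sample)) {
    open my $fh, '<', $in or die "$in: $!";
    my $text = do { local $/; <$fh> };
    printf "%s:%d: unfiltered <%% %s %%>\n", (ref $in ? '(sample)' : $in),
        $_->{line}, $_->{directive} for unfiltered_outputs($text);
}
```

Run with no arguments it reports `user.name` on line 2 and `user.id` on line 4 of the sample; a check like this can run in CI so a missed filter is caught before release.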