On Wed, Dec 18, 2002 at 05:13:45PM -0500, Chris Faust wrote: > Thanks Ronald, your right as that is what I doing as the first form page is > the user input for the description and then they can "preview" it in another > page before the post. > > Thing is I'm using CGI and I thought that all escaping is handled with the > module..
You need to do the escaping when the preview page is created. If you produce the HTML using CGI's methods, such as textfield(), textarea(), and hidden(), it should do the escaping for you. Ronald
