Jonathan,

Jonathan Revusky wrote:
> Christopher Schultz wrote:
>> #macro(htmlEscape $text)#if($text)$esc.html($text)#end#end
>
> So, IOW, every time that you want to write $foo, you write instead:
> #htmlEscape($foo)
>
> Doesn't that get a bit ugly and repetitious? If you want to apply the
> same routine to every output reference on the page, shouldn't there be
> a way of doing that?

There is a way of doing that, but I'm arguing that blanket-escaping of everything is incorrect.

>> I think your best bet is to escape them individually as you have
>> demonstrated above. Yes, it's a lot of work, but that tends to be the
>> case when you want to go back and add something like this. That's the
>> penalty for not planning ahead.
>
> I can't see how this is a penalty for not planning ahead. It is simply
> a characteristic of the problem space that you will very likely want
> to escape the output of variables this way.

True, but his application was built without considering that he might want to escape a lot of data on the way out.
-chris
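
An added example, not part of the original message or of the Velocity project: the macro quoted in the thread applied per reference, next to one reference that is deliberately left unescaped because the application generated it as markup. The class name, template text and context values are constructed for illustration, and the sketch assumes Velocity and Velocity Tools (for EscapeTool, bound here as $esc) are on the classpath.

```java
import java.io.StringWriter;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.apache.velocity.tools.generic.EscapeTool;

public class PerReferenceEscapeDemo {
    // First line is the macro from the thread; the rest is a constructed template.
    static final String TEMPLATE =
        "#macro(htmlEscape $text)#if($text)$esc.html($text)#end#end\n"
      // Untrusted text: escaped at the point of output.
      + "<p>Comment: #htmlEscape($comment)</p>\n"
      // Reference that is not in the context: the #if guard emits nothing.
      + "<p>Missing: [#htmlEscape($missing)]</p>\n"
      // Markup produced by the application itself: a blanket HTML escape
      // applied to every reference would turn these tags into visible text.
      + "<div>$trustedFragment</div>\n";

    static String render() {
        VelocityEngine engine = new VelocityEngine();
        engine.init();

        VelocityContext ctx = new VelocityContext();
        ctx.put("esc", new EscapeTool());
        // Constructed sample values.
        ctx.put("comment", "<b>bold</b> & \"quoted\"");
        ctx.put("trustedFragment", "<em>rendered by the application</em>");

        StringWriter out = new StringWriter();
        engine.evaluate(ctx, out, "demo", TEMPLATE);
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.print(render());
    }
}
```

The choice of which references go through #htmlEscape is made in the template, reference by reference, which is the repetition discussed in the thread and also what lets $trustedFragment stay as markup.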
