> > Now this also escapes what comes from what is generated from > inside the perl itself (which I know is the correct > behaviour), what I want is that any user entered data (i.e. > any externally passed param) is escaped, but not what > internally generated Perl has done (I.e. a combination of > $escmode 0 and 4). > > Is this unfeasible ? >
The only thing you can do in this case is to change $escmode to zero for the parts of the page, you don't need escaping. For security reason, I would only do this if absolutly necessary and keep escaping in place also for the data that is generated by your Perl code, because this code might get in turn the data from a database or other external source, which can hold arbitary text... Gerald ** Virus checked by BB-5000 Mailfilter ** --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
