On 11/21/01 6:59 AM, "Danny Angus" <[EMAIL PROTECTED]> wrote:
> > Hence my own conviction that the only safe option is no HTML in submissions. > However I'd rather escape it on the way in than the way out to reduce load. That's something I intuitively agree with, and don't understand the contrary point of accepting everything in and processing everything out. I would guess the amount in would be significantly less than the amount out, and you get to leverage the context in which you are accepting input. (I.e. There should be no HTML on the input of a simple order form, for example...) -- Geir Magnusson Jr. [EMAIL PROTECTED] System and Software Consulting Be a giant. Take giant steps. Do giant things... -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
