On Tue, 20 Aug 2002, Fanac Webmaster wrote: > What about uses of $(VAR) other than the ones that you specially > mention in your list? Such as METHOD, FORMAT, SORT, STARSRIGHT, > EXCERPT, etc. When I made a blanket change to my templates [$(VAR) -> > $&(VAR)] I got some wierd results, when I limited my changes to the > vars that you specified the results were as expected. Btw I'm still > on version 3.1.5 but I hope to upgrade to 3..1.6 soon.
If you introduce your own variable into the form using allow_in_form, then you should certainly make sure this HTML-escaped. The variables you mention are generated by htsearch internally and will have proper HTML encoding anyway. You do not need to change these. Again, take a look at the default templates and you'll see which variables have been escaped (i.e. the ones I mentioned) and the ones which are internal. -- -Geoff Hutchison Williams Students Online http://wso.williams.edu/ ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ htdig-general mailing list <[EMAIL PROTECTED]> To unsubscribe, send a message to <[EMAIL PROTECTED]> with a subject of unsubscribe FAQ: http://htdig.sourceforge.net/FAQ.html
