On Fri, 21 Jun 2002, Tatsuhiko Miyagawa wrote: > This patch allows you to do > > HTML::Template->new(default_escape => 'HTML'); > > then your TMPL_VARs will always be HTML-escaped unless you explicitly > specify ESCAPE=0, which will be a handy guard against Cross Site > Scripting attacks.
Looks good to me. All it needs now is some documentation. I'll do the English if you'll do the Japanese. -sam ------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Html-template-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/html-template-users
