Hello, I'm curious about what other people think about an option to turn ESCAPE=HTML on by default, to protect against cross-site scripting practices by default.
This seems especially valuable when the convenient "associate => $q" option is used. Then programmers would be forcing themselves to consciously add "NOESCAPE=html" to a tag. To me, this seems like the equivalent of turning "use strict" on by default, and explicitly declaring "no strict" where needed.

Thoughts?

Mark
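An added example, not part of the original message or of the HTML::Template distribution: it shows why the `associate => $q` case matters, rendering the same CGI parameter with and without `ESCAPE=HTML`, and then with the `default_escape` constructor option that HTML::Template provides together with a per-tag `ESCAPE=NONE` opt-out. The parameter name `name` and its value are constructed sample input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use HTML::Template;

# Constructed request parameter standing in for untrusted user input.
my $q = CGI->new({ name => '<script>alert(1)</script>' });

# Case 1: escaping is opt-in. With associate, every CGI parameter is
# available to the template, so any tag without ESCAPE=HTML emits the
# raw value into the page.
my $opt_in = <<'END';
raw:     <TMPL_VAR NAME="name">
escaped: <TMPL_VAR NAME="name" ESCAPE=HTML>
END

my $t1 = HTML::Template->new(
    scalarref => \$opt_in,
    associate => $q,
);
print "--- escaping opt-in ---\n", $t1->output;

# Case 2: escaping is the default. Plain tags are HTML-escaped and a
# template author has to write ESCAPE=NONE deliberately to get raw output,
# which makes the unsafe spots easy to find in review (grep for ESCAPE=NONE).
my $opt_out = <<'END';
default: <TMPL_VAR NAME="name">
opt-out: <TMPL_VAR NAME="name" ESCAPE=NONE>
END

my $t2 = HTML::Template->new(
    scalarref      => \$opt_out,
    associate      => $q,
    default_escape => 'HTML',
);
print "--- escaping by default ---\n", $t2->output;
```

HTML escaping is only correct for values placed in HTML body or attribute context; values written into URLs or inline JavaScript need the matching `ESCAPE=URL` or `ESCAPE=JS` on the tag.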