I think that would be a good idea. Perhaps have an extra parameter when
creating a new template object such as html_escape:
my $template = HTML::Template->new(filename=>'filename.tmpl',
html_escape=>1);
...to turn all escaping for that object on by default. If the programmer
wanted the existing default (no escaping) then leave that parameter out
during object creation. And still have the current ability to turn escaping
on (ESCAPE=HTML or ESCAPE=1) or off (ESCAPE=0) within the template file.
Mike.
----- Original Message -----
From: "Mathew Robertson" <[EMAIL PROTECTED]>
To: <html-template-users@lists.sourceforge.net>
Sent: Monday, October 17, 2005 9:46 AM
Subject: Re: [htmltmpl] option to turn ESCAPE=HTML on by default
If this is going to happen, can we make it optional, as some of us dont
want escaping.
Mathew
I'm curious about what other people think about an option to
turn ESCAPE=HTML on default, to protect against cross script scripting
practices by default.
Sure, sounds reasonable to me.
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Html-template-users mailing list
Html-template-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/html-template-users
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Html-template-users mailing list
Html-template-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/html-template-users
