Sometime Today, AK cobbled together some glyphs to say:
Mike, default_escape can be set to 'URL' or even 'JS' (there's
Javascript escaping in recent HTML::Template too). That's even tested
Consider this:
If I have some code in my template that needs to be html escaped, and
other code that needs to be js escaped, and I want both to be on by
default.
It makes sense therefore to do this:
html_escape => 1, js_escape => 1, foo_escape => 0
Of course, it's pretty hard to figure out which TMPL_VARs need to be
escaped in each way. It's also hard to extend this with sanity.
Philip
--
The sooner our happiness together begins, the longer it will last.
-- Miramanee, "The Paradise Syndrome", stardate 4842.6
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Html-template-users mailing list
Html-template-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/html-template-users
