You are right, that would suffice. But as far as I understand, making
escape modules is not trivial. Escaping is not abstracted enough inside
HTML::Template.
* Mathew Robertson <[EMAIL PROTECTED]> [October 20 2005, 08:22]:
> Is layered-escaping that is needed, or can we simply make a new escape
> module called, say "HTML_JS"
>
> Mathew
>
> Alex Kapranoff wrote:
>
> >* Philip Tellis <[EMAIL PROTECTED]> [October 18 2005, 16:02]:
> >
> >
> >>>s/pretty hard/impossible/;
> >>>That's why there's only 1 _default_.
> >>>
> >>>
> >>Oh well, "Perl is designed to make the easy jobs easy, without making
> >>the hard jobs impossible."
> >>
> >>I'd hoped that it was also, "... make impossible jobs pretty hard"
> >>
> >>
> >
> >BTW, "double" or "layered" escaping is a very wanted feature.
> >
> >See:
> >======
> ><script>
> >item.innerHTML = "<strong><TMPL_VAR new_content></strong>";
> ></script>
> >======
> >
> >This var needs first HTML, then JS escaping (in that order) or else
> >the code is likely just plain insecure. This task is not solved right
> >now.
> >
> >
> >
--
Alex Kapranoff,
$n=["1another7Perl213Just3hacker49"=~/\d|\D*/g];
$$n[0]={grep/\d/,@$n};print"@$n{1..4}\n"
-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
_______________________________________________
Html-template-users mailing list
Html-template-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/html-template-users
