Hi, I have opened a new bug (#23592) on rt.cpan.org for a new feature request: The "force_untaint" option. This option makes sure that no tainted values are set in the template. If set to 1, only TMPL_VARs with no ESCAPE-attribute must be untainted, if set to 2, every TMPL_VAR must be untainted.
I have attached a patch to the bug that implements this feature. Please let me know what you think. I believe this would be very helpful in preventing cross-site-scripting (CSS) bugs. Regards, -Sven Neuhaus ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Html-template-users mailing list Html-template-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/html-template-users
