Let's make a list:Ivan says it right, maybe it is sufficient to encode & " ' < > everywhere, and add an attribute to disable this.
tag/attribute minimum escape chars =============================================================== each value attribute " ' plain text < >
Any more?
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ DbForms Mailing List
http://www.wap-force.net/dbforms
