On Wed, 2 Feb 2000, Marc Slemko wrote: > http://www.apache.org/info/css-security/ > http://www.cert.org/advisories/CA-2000-02.html I think I have found a little typo/oversight in the mod_perl example on http://www.apache.org/info/css-security/encoding_examples.html It uses escape_html rather then escape_uri on the href line, here is a tiny patch. Cheers, - Sander van Zoest [EMAIL PROTECTED] High Geek (858) 623-7442 MP3.com, Inc. http://www.mp3.com/ See you at ApacheCon 2000 - Your premiere Music Service Provider (MSP)
diff -C3 -r1.4 encoding_examples.html *** encoding_examples.html 2000/02/02 19:26:03 1.4 --- encoding_examples.html 2000/02/03 00:23:54 *************** *** 139,145 **** $Text = "foo<b>bar"; $URL = "foo<b>bar.html"; $r->print(Apache::Util::escape_html($Text), "<BR>"); ! $r->print("<A HREF=\"", Apache::Util::escape_html($URL), "\">link</A>"); </PRE> <P>This uses the same functions as in the Apache Module Example, called --- 139,145 ---- $Text = "foo<b>bar"; $URL = "foo<b>bar.html"; $r->print(Apache::Util::escape_html($Text), "<BR>"); ! $r->print("<A HREF=\"", Apache::Util::escape_uri($URL), "\">link</A>"); </PRE> <P>This uses the same functions as in the Apache Module Example, called