On Wed, 2 Feb 2000, Marc Slemko wrote:
> http://www.apache.org/info/css-security/
> http://www.cert.org/advisories/CA-2000-02.html
I think I have found a little typo/oversight in the mod_perl example on
http://www.apache.org/info/css-security/encoding_examples.html
It uses escape_html rather then escape_uri on the href line, here is
a tiny patch.
Cheers,
-
Sander van Zoest [EMAIL PROTECTED]
High Geek (858) 623-7442
MP3.com, Inc. http://www.mp3.com/
See you at ApacheCon 2000 - Your premiere Music Service Provider (MSP)
diff -C3 -r1.4 encoding_examples.html
*** encoding_examples.html 2000/02/02 19:26:03 1.4
--- encoding_examples.html 2000/02/03 00:23:54
***************
*** 139,145 ****
$Text = "foo<b>bar";
$URL = "foo<b>bar.html";
$r->print(Apache::Util::escape_html($Text), "<BR>");
! $r->print("<A HREF=\"", Apache::Util::escape_html($URL),
"\">link</A>");
</PRE>
<P>This uses the same functions as in the Apache Module Example, called
--- 139,145 ----
$Text = "foo<b>bar";
$URL = "foo<b>bar.html";
$r->print(Apache::Util::escape_html($Text), "<BR>");
! $r->print("<A HREF=\"", Apache::Util::escape_uri($URL),
"\">link</A>");
</PRE>
<P>This uses the same functions as in the Apache Module Example, called
