On Wed, 2 Feb 2000, Marc Slemko wrote:

> http://www.apache.org/info/css-security/
> http://www.cert.org/advisories/CA-2000-02.html

I think I have found a little typo/oversight in the mod_perl example on
http://www.apache.org/info/css-security/encoding_examples.html

It uses escape_html rather then escape_uri on the href line, here is
a tiny patch.

Cheers,

- 
Sander van Zoest                                             [EMAIL PROTECTED]   
High Geek                                                    (858) 623-7442
MP3.com, Inc.                                           http://www.mp3.com/
  See you at ApacheCon 2000 - Your premiere Music Service Provider (MSP) 
diff -C3 -r1.4 encoding_examples.html
*** encoding_examples.html      2000/02/02 19:26:03     1.4
--- encoding_examples.html      2000/02/03 00:23:54
***************
*** 139,145 ****
  $Text = "foo<b>bar";
  $URL = "foo<b>bar.html";
  $r->print(Apache::Util::escape_html($Text), "<BR>");
! $r->print("<A HREF=\"", Apache::Util::escape_html($URL), 
"\">link</A>");
  </PRE>
  <P>This uses the same functions as in the Apache Module Example, called
--- 139,145 ----
  $Text = "foo&lt;b&gt;bar";
  $URL = "foo&lt;b&gt;bar.html";
  $r-&gt;print(Apache::Util::escape_html($Text), "&lt;BR&gt;");
! $r-&gt;print("&lt;A HREF=\"", Apache::Util::escape_uri($URL), 
"\"&gt;link&lt;/A&gt;");
  </PRE>
  <P>This uses the same functions as in the Apache Module Example, called

Reply via email to