Chris Welch wrote:
I thought the deal with writing to external files and such (remember some things will be written to flat files as well as DBM files) is that it is a security issue if no checking is done for malicious script -

I think you are mixing up things. Data is just data. If

1) the data would include code that could be executed, and

2) you actually let the code be executed

then bad things might happen. When displaying data as HTML, it's
sufficient to HTML encode a few critical characters to prevent 2)
from happening.

surely if I convert these characters to entities then it solves
both the security issue AND the displaying in a web page issue?
That being the case, surely it would be safer to convert things to
entities on the off chance of something being a bit dodgy...

Your approach is ... unusual, and AFAIU unnecessary.

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
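Added illustration of the point made in the reply above (example code written for this edit, not Gunnar's or the list's own): the record is written to the flat file exactly as received, and the handful of critical characters are encoded only at the moment the value is placed into an HTML page. The html_encode helper and the sample record are constructed for the example; the final lines show why encoding on the way in, as the original question proposed, breaks down once the same value is displayed or saved more than once.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed helper: encodes the few characters that let stored data
# become markup when echoed into text content or a double-quoted attribute.
sub html_encode {
    my ($s) = @_;
    return '' unless defined $s;
    my %map = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                '"' => '&quot;', "'" => '&#39;' );
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Constructed sample record, the kind of thing a form might submit.
my $received = q{Tom & Jerry <script>alert(1)</script> said "hi"};

# Step 1: store it as-is. An in-memory handle stands in for the flat file.
my $flatfile = '';
open my $out, '>', \$flatfile or die "open for write: $!";
print {$out} "$received\n";
close $out;

# Step 2: read it back; the stored bytes are the original data, not markup.
open my $in, '<', \$flatfile or die "open for read: $!";
chomp( my $stored = <$in> );
close $in;

# Step 3: encode at output time, when the value is placed into HTML.
my $html = '<p>' . html_encode($stored) . '</p>';
print "$html\n";
# prints: <p>Tom &amp; Jerry &lt;script&gt;alert(1)&lt;/script&gt; said &quot;hi&quot;</p>

# Why not encode before storing? The value then gets encoded again on
# every display or on the next edit-and-save, and "&amp;" turns into
# "&amp;amp;", which the browser shows literally as "&amp;".
my $twice = html_encode( html_encode($stored) );
print "$twice\n";
```

In real code the same job is done by encode_entities from the CPAN module HTML::Entities; the hand-rolled helper here only exists so the example runs with a bare Perl install. The rule it demonstrates is the one in the reply: data stays data in the file or DBM, and the encoding step belongs to the output path that knows it is producing HTML.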
