Does ht://Dig filter the text returned by $&(LOGICAL_WORDS) ?

I have in mind a number of possible evil exploits of echoing
this in a page (though I don't have or want the skills to
implement them).

LOGICAL_WORDS is built up from the search query, so it's completely filtered. At one point, there were problems with WORDS because it essentially came from the search query.

Also remember that the $&(VAR) syntax will HTML-escape everything, so things like <script> won't become markup tags, but rather &lt;script&gt;

Hope that answers your question,


--
-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/
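
The escaping behaviour described in the reply above, as an added example that is not part of the original message and is not ht://Dig's own code: a minimal Python model in which `$&(VAR)` HTML-escapes the value and, as an assumption of this model, `$(VAR)` inserts it unchanged. The helper names, templates and sample query are constructed for illustration.

```python
import html
import re

# Minimal model of template expansion (illustration only, not ht://Dig's parser):
#   $(VAR)   -> value inserted as-is (assumed raw form for comparison)
#   $&(VAR)  -> value inserted HTML-escaped
_VAR = re.compile(r"\$(&?)\((\w+)\)")


def expand(template, variables):
    """Expand $(VAR) and $&(VAR) references in a template string."""
    def substitute(match):
        escaped, name = match.group(1), match.group(2)
        value = variables.get(name, "")
        # quote=True also escapes " and ', which matters inside attributes
        return html.escape(value, quote=True) if escaped else value
    return _VAR.sub(substitute, template)


def contains_live_tag(rendered, tag="script"):
    """Check whether a literal <tag ...> survived into the rendered page."""
    return re.search(r"<\s*%s\b" % re.escape(tag), rendered, re.I) is not None


# Constructed sample input: a query string carrying markup characters.
QUERY = '"><script>demo()</script>'
VARS = {"LOGICAL_WORDS": QUERY}

TEMPLATE_RAW = "<p>Results for: $(LOGICAL_WORDS)</p>"
TEMPLATE_ESC = "<p>Results for: $&(LOGICAL_WORDS)</p>"
TEMPLATE_ATTR = '<input name="words" value="$&(LOGICAL_WORDS)">'

if __name__ == "__main__":
    for label, tpl in (("raw", TEMPLATE_RAW),
                       ("escaped", TEMPLATE_ESC),
                       ("escaped attr", TEMPLATE_ATTR)):
        out = expand(tpl, VARS)
        print("%-12s live <script>: %-5s %s" % (label, contains_live_tag(out), out))
```

The attribute template shows why the quote characters need escaping as well as the angle brackets: without it the value could close the `value="..."` attribute even if no tag were created.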



htdig-general mailing list <[EMAIL PROTECTED]>