On Oct 14, 2005, at 9:37 AM, Mark Stosberg wrote:

> I'm curious about what other people think about an option to
> turn ESCAPE=HTML on default, to protect against cross script scripting
> practices by default.

OMG YES!! 95% of all my vars have ESCAPE=HTML on them. Making this the default would take away a lot of extra typing. But to turn it off for the 5% I don't need escaped, ESCAPE=0 or ESCAPE=NONE or ESCAPE=NO would be better.


--
Paul Baker

"Yes, we did produce a near-perfect republic. But will they keep it? Or will they, in the enjoyment of plenty, lose the memory of freedom?"
         -- Thomas Jefferson in a letter to John Adams

GPG Key: http://homepage.mac.com/pauljbaker/public.asc



_______________________________________________
Html-template-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/html-template-users