On Tuesday 22 January 2002 19:04, Perrin Harkins wrote: > Of course I set the charset, but I didn't know that might not be enough. > Does anyone know if Apache::Util::escape_html() and > HTML::Entities::encode() are safe?
A quick look (I could be wrong) at HTML::Entities seems to imply that it should be safe, as it uses numeric encoding for characters that it doesn't recognize. I don't know about Apache::Util. -- _______________________________________________________________________ Robin Berjon <[EMAIL PROTECTED]> -- CTO k n o w s c a p e : // venture knowledge agency www.knowscape.com ----------------------------------------------------------------------- I don't suffer from insanity. I enjoy every minute of it.