This patch allows you to do
HTML::Template->new(default_escape => 'HTML');
then your TMPL_VARs will always be HTML-escaped unless you explicitly
specify ESCAPE=0, which will be a handy guard against Cross Site
Scripting attacks.
--
Tatsuhiko Miyagawa <[EMAIL PROTECTED]>
diff -ruP HTML-Templ
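
The effect of the option described in the message above, as an added example that is not part of the original post or of the patch. It assumes an installed HTML::Template that accepts default_escape; the template text, the parameter values and the render() helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Template;

# Constructed template: "name" relies on the default escaping mode,
# "trusted_html" opts out explicitly with ESCAPE=0.
my $tmpl = <<'EOT';
<p>Hello, <TMPL_VAR NAME=name></p>
<div><TMPL_VAR NAME=trusted_html ESCAPE=0></div>
EOT

# Constructed sample values. "name" stands in for untrusted user input,
# "trusted_html" for markup the application generated itself.
my %params = (
    name         => '<script>alert(1)</script>',
    trusted_html => '<b>site banner</b>',
);

# Hypothetical helper: render the same template and data with the
# given constructor options so the two outputs can be compared.
sub render {
    my (%opts) = @_;
    my $t = HTML::Template->new(scalarref => \$tmpl, %opts);
    $t->param(%params);
    return $t->output;
}

# Without default_escape, every TMPL_VAR that lacks an ESCAPE attribute
# is emitted verbatim, so "name" reaches the page as live markup.
print "--- no default_escape ---\n", render();

# With default_escape => 'HTML', "name" is entity-encoded even though
# the template author never wrote ESCAPE=HTML on it; only the variable
# marked ESCAPE=0 is still emitted raw.
print "--- default_escape => 'HTML' ---\n",
    render(default_escape => 'HTML');
```

Searching templates for ESCAPE=0 then gives the complete list of places where raw output is still possible and needs review.
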
Even though I read the documentation for HTML::Template at some point,
I had gotten into the habit of using TMPL_IF in the sense of if a
variable is defined instead of if it is true. Now 99% of the time this
just happens to work, as most defined things are also considered to be
true. But t