On 2005-10-14, Roger Burton West <[EMAIL PROTECTED]> wrote:
> On Fri, Oct 14, 2005 at 06:49:40PM +0400, Alex Kapranoff wrote:
>>* Mark Stosberg <[EMAIL PROTECTED]> [October 14 2005, 18:37]:
>>> I'm curious about what other people think about an option to
>>> turn ESCAPE=HTML on default, to protect against cross script scripting
>>> practices by default.
>>All for it. About 10% of my TMPL_VARS are not escaped. "NOESCAPE=html"
>>looks very confusing. Should probably be "ESCAPE=none".
You are right. Thanks for the refinement.
Mark
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Html-template-users mailing list
Html-template-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/html-template-users
