Randal L. Schwartz wrote:
Josh> The browser should handle this fine if you just encode the html entities.
Josh> If it's in an input you will have:
Josh> <input value="face of "fred".gif"> and the browser should
Josh> take care of uri encoding.
Oh, you mean you think it's OK to send garbage (illegal according to the RFCs), and count on the error-correcting features of a browser to work properly when you've sent out garbage.
OK, I'll just ignore the garbage I'm getting from you then, and correct
the errors for the other readers of this list who believe in doing
things according to the specs.
How about this as a better example to make your point, Randal?
face of fred?.gif
;)
Oh wait, even better example:
face of "fred&bill?" ;).gif
Of course, I can't find any set of built-in filters that escapes either of them correctly. *grin*
http://hostile.org/images/face%20of%20%22fred%3F%22.gif
http://hostile.org/images/face%20of%20%22fred%26bill%3F%22%20%3B).gif
Still, more filtering is better... always.
-- Mark D. Mills Xodiax (a peak 10 company) http://www.xodiax.com/ http://www.peak10.com/
_______________________________________________ templates mailing list [email protected] http://lists.template-toolkit.org/mailman/listinfo/templates
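Added example, not part of the thread and not Template Toolkit code: it runs the two file names from the post through three encoding strategies and checks which ones still name the same file after a WHATWG URL parser has seen them. The function names are hypothetical, the `/images/` base is taken from the URLs in the post, and `encodeURI` stands in (as an assumption) for any URI escaper that leaves reserved characters alone.

```javascript
const BASE = "http://hostile.org/images/"; // host and path from the URLs in the post

// Layer 2: escape a string for use inside an HTML attribute value.
function htmlAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Minimal inverse of htmlAttr, standing in for the browser's attribute parsing.
function htmlUnattr(s) {
  const map = { amp: "&", lt: "<", gt: ">", quot: '"', "#39": "'" };
  return s.replace(/&(amp|lt|gt|quot|#39);/g, (_, name) => map[name]);
}

// Layer 1: percent-encode ONE path segment, reserved characters (& ? ; /) included.
function pathSegment(name) {
  return encodeURIComponent(name);
}

const strategies = {
  // Entities only: valid HTML, but the URL inside it is not valid.
  entitiesOnly: name => htmlAttr(BASE + name),
  // Escaper that keeps reserved characters: "?" still starts a query string.
  reservedKept: name => htmlAttr(BASE + encodeURI(name)),
  // Percent-encode the segment first, then entity-escape the whole URL.
  // htmlAttr is a no-op for these two names, but stays necessary for "'"
  // (which encodeURIComponent leaves alone) and for "&" between query parameters.
  segmentThenEntities: name => htmlAttr(BASE + pathSegment(name)),
};

// The file name the server would be asked for, or null when part of the
// name was reinterpreted as a query string or fragment.
function requestedName(attrValue) {
  const url = new URL(htmlUnattr(attrValue));
  if (url.search || url.hash) return null;
  return decodeURIComponent(url.pathname.slice("/images/".length));
}

function survives(strategy, name) {
  return requestedName(strategies[strategy](name)) === name;
}

// Constructed inputs: the file names the two URLs in the post decode to.
const NAMES = ['face of "fred?".gif', 'face of "fred&bill?" ;).gif'];
for (const n of NAMES)
  for (const s of Object.keys(strategies)) console.log(s, JSON.stringify(n), survives(s, n));
```

Only the two-layer strategy returns `true` for both names, and its output matches the two URLs given in the post.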
