What do you think about it ?
(Please note that I do that in order to convince you. My proper conviction is that the behaviour described works for all browsers).
On 11/24/05, Laurent PETIT <[EMAIL PROTECTED]> wrote:
On 11/24/05, Johan Compagner < [EMAIL PROTECTED]> wrote:I think so.My question was will _javascript_ always work for all the browsers if it is escaped??
Correct, I didn't answer to the right question, sorry.
<input type="xxx" x=10;if(y<20) z = y + 'text' + x/2 + 20;">
escaped it will be:
<input type="xxx" x=10;if(y<20) z = y + 'text' + x/2 + 20;">
Will that always work in every browser?
I'm tempted to answer a big yes.
But as I've not tested it by myself, I'll try & see some formal answer.
And maybe try by myself with the most usefull,as well as (maybe) sending to the list a plain old html file for the willing users to test & try on different browsers (on windows flavors, linux, mac os x, ...)
If that is the case then there is no problem and we can escape attributes everytime. i think.
clicking on this link should popup the following string (including double quotes): "my tailor's daughter is richer than me:5 > 4"
