[Templates] html escaping

Jonas Liljegren jonas@paranormal.se
Wed, 16 Aug 2000 11:24:23 +0200 (CEST)


On Wed, 16 Aug 2000, Jonas Liljegren wrote:

> Variables in URLs should be URI-escaped rather than HTML-escaped. So this
> is the exception.  I would suggest that any explicit filtering overrides
> the specified default filtering.

One important thing here. URI-strings in the HTML document should actually
also be HTML filtered. The string
http://www.space.orb/searh?q=star&lang=se should have the '&' escaped. 

-- 
/ Jonas  -  http://jonas.liljegren.org/myself/en/index.html
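
The two layers described in the message above, as an added example that is not part of the original post or of the template system's own code: each parameter is URI-escaped first, then the finished URL is HTML-escaped for the attribute, and a helper undoes the layers the way a browser and server would. The function names and the sample search value are assumptions constructed for illustration; the base URL is the one from the message.

```python
from html import escape, unescape
from urllib.parse import parse_qs, quote, urlencode, urlsplit

BASE = "http://www.space.orb/searh"  # URL from the message above


def href_value(base, params):
    """Both layers: URI-escape each parameter, then HTML-escape the whole URL."""
    query = urlencode(params, quote_via=quote)    # layer 1: URI escaping
    return escape(f"{base}?{query}", quote=True)  # layer 2: HTML escaping


def href_value_html_only(base, params):
    """Flawed variant: HTML escaping only, parameters are never URI-escaped."""
    query = "&".join(f"{k}={v}" for k, v in params.items())
    return escape(f"{base}?{query}", quote=True)


def server_sees(attr_value):
    """Undo the layers in the order a browser and server do: HTML, then URI."""
    url = unescape(attr_value)
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


if __name__ == "__main__":
    # Constructed sample input: a search value containing '&' and quotes.
    tricky = {"q": 'star&moon "x"', "lang": "se"}
    for build in (href_value, href_value_html_only):
        attr = build(BASE, tricky)
        print(f'<a href="{attr}">search</a>')
        print("  server sees:", server_sees(attr))
```

With HTML escaping alone the markup is still valid, but the '&' inside the value is read as a parameter separator once the browser decodes the attribute, so the server receives a truncated `q`.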