[Templates] html escaping
Craig McLane
mclanec@oxy.edu
Wed, 16 Aug 2000 17:34:11 -0700 (PDT)
One thing I learned from the mod_perl discussion is that often ';' works
just the same as '&' or '&amp;'. This is at least the case for the
Apache::Request and CGI modules.
Craig
On 16 Aug 2000, Randal L. Schwartz wrote:
> >>>>> "Jonas" == Jonas Liljegren <jonas@paranormal.se> writes:
>
> Jonas> Variables in URLs should be URI-escaped rather than HTML-escaped. So this
> Jonas> is the exception. I would suggest that any explicit filtering overrides
> Jonas> the specified default filtering.
>
> Jonas> Examples:
> Jonas> my $template = Template->new({FILTER_GET => 'html'});
>
> Actually, they need *both*.
>
> If you want to link to
>
> /cgi/foo?fred=flint%20stone&barney=rubble
>
> then you must transmit
>
> <a href="/cgi/foo?fred=flint%20stone&amp;barney=rubble">
>
> so something like
>
> <a href="[% uri_generated_value | html %]">
>
> is needed in your template.
>
> (Please don't repeat the thread from mod_perl here about "but
> my browser doesn't require that". Yeah, on your test cases, it
> was making up for your errors, but the day you have a parameter
> named lt or gt or copy, you'll be very sorry. :)
>
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
> <merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
>
>
> _______________________________________________
> templates mailing list
> templates@template-toolkit.org
> http://www.template-toolkit.org/mailman/listinfo/templates
>
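
The failure mode Randal warns about (a parameter named lt, gt or copy), as an added example that is not part of the original thread. It is written in Python rather than Template Toolkit, the parameters are constructed, and `html.unescape()` is assumed here as a stand-in for a client that decodes legacy entity names even without the trailing ';'.

```python
import html
from urllib.parse import urlencode, quote, parse_qsl, urlsplit

# Constructed sample parameters; "copy" and "lt" collide with HTML entity names.
PARAMS = [("fred", "flint stone"), ("copy", "1"), ("lt", "5")]


def build_url(params):
    """Step 1: URI-escape each name and value, then join the pairs with '&'."""
    return "/cgi/foo?" + urlencode(params, quote_via=quote)


def href_raw(url):
    """Step 1 only: the URL is dropped into the attribute as-is."""
    return '<a href="%s">' % url


def href_escaped(url):
    """Steps 1 and 2: the finished URL is HTML-escaped, so '&' becomes '&amp;'."""
    return '<a href="%s">' % html.escape(url, quote=True)


def url_seen_by_client(tag):
    """Recover the URL as a lenient entity decoder would read the attribute.

    html.unescape() stands in for the client (assumption): it also decodes
    legacy names such as 'copy' and 'lt' when the ';' is missing.
    """
    value = tag.split('"')[1]
    return html.unescape(value)


def params_received(tag):
    """Query parameters the server gets once the client follows the link."""
    query = urlsplit(url_seen_by_client(tag)).query
    return parse_qsl(query, keep_blank_values=True)


if __name__ == "__main__":
    url = build_url(PARAMS)
    for make_tag in (href_raw, href_escaped):
        tag = make_tag(url)
        print(tag)
        print("  server receives:", params_received(tag))
```

With the raw tag, `&copy` and `&lt` are consumed as entities and the `copy` and `lt` parameters never reach the server; with the escaped tag all three arrive unchanged.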