
[cgiapp] Re: Nothing fancy but IE chokes?


Michael Peters wrote:
> Robert Hicks wrote:
> > You are right *but* the code for that comes from:
> >
> > <title>[% webpage_title %]</title>
>
> This probably isn't your problem, but all input that goes in your templates
> should be HTML escaped unless you know it has been earlier. TT makes this very easy:
>
>   <title>[% webpage_title | html %]</title>
>
> Not only will this allow your variables to contain things like "&" and "<"
> without problems, but it will also protect you against XSS attacks.


Thanks for the tip!

Robert


#####  CGI::Application community mailing list  ################
##                                                            ##
##  To unsubscribe, or change your message delivery options,  ##
##  visit:  http://www.erlbaum.net/mailman/listinfo/cgiapp    ##
##                                                            ##
##  Web archive:   http://www.erlbaum.net/pipermail/cgiapp/   ##
##  Wiki:          http://cgiapp.erlbaum.net/                 ##
##                                                            ##
################################################################
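As an added illustration of the point made in the reply above (this script is not from the thread or from the CGI::Application project), the following Perl program uses the Template module (Template Toolkit) to render the `<title>` line both without and with the `html` filter. The title value is a constructed string chosen to contain characters that are special in HTML; the variable name `webpage_title` is taken from the thread, everything else is an assumption for the demo.

```perl
#!/usr/bin/env perl
# Added example, not code from the mailing list thread.
# Renders the same <title> template with and without TT's "html" filter
# so the difference in output can be seen directly.
use strict;
use warnings;
use Template;

# Constructed title value for the demo: it contains "&" and a closing tag.
# Rendered unescaped, the "</title>" ends the real element early and the
# remainder is parsed as markup by the browser.
my $webpage_title = q{Tom & Jerry </title><script>alert(1)</script>};

# The template line from the thread without a filter, and the fixed line.
my $unescaped_tmpl = '<title>[% webpage_title %]</title>';
my $escaped_tmpl   = '<title>[% webpage_title | html %]</title>';

my $tt = Template->new() or die Template->error();

# Process a template string (passed by reference) with the given variables
# and return the rendered output instead of printing it.
sub render {
    my ($template, $vars) = @_;
    my $output = '';
    $tt->process(\$template, $vars, \$output) or die $tt->error();
    return $output;
}

my $vars = { webpage_title => $webpage_title };

print "Unescaped: ", render($unescaped_tmpl, $vars), "\n";
print "Escaped:   ", render($escaped_tmpl,   $vars), "\n";
```

The `html` filter rewrites `&`, `<`, `>` and `"` into their entity forms, which is what is needed for text inside an element or inside a double-quoted attribute. It is not enough on its own for values placed inside a `<script>` block, an event handler attribute or a URL, which need escaping appropriate to that context.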

