Bug in URI ?!
jns at gellyfish.com
Fri Aug 18 19:59:37 BST 2006
On Wed, 2006-08-16 at 21:59, Dominic Mitchell wrote:
> Jonathan Stowe wrote:
> > On Wed, 2006-08-16 at 12:58, Dominic Mitchell wrote:
> >> On Wed, Aug 16, 2006 at 09:57:11AM +0100, Aaron Trevena wrote:
> >>> On 16/08/06, Jonathan Stowe <jns at gellyfish.com> wrote:
> >>>> On Wed, 2006-08-16 at 08:44, Dominic Mitchell wrote:
> >>>>> templating systems did HTML escaping by default
> >>>> ... and consequently destroying the carefully crafted Postscript, RTF,
> >>>> LaTeX or whatever else one might be trying to output.
> >> Then turn the default the other way. I'm willing to bet that these are
> >> fairly minority uses compared to web templating.
> >>> Exactly - what's wrong with [% value | html %] ?
> >>> Works for me
> >> It works, but you're an expert web programmer with years of experience.
> >> You know to put it there.
> >> And I bet that were I to look at some of your source code to a web site,
> >> you'll have missed at least one. And that's quite likely to be a cross
> >> site scripting security hole waiting to happen.
> >> Why are you opposed to making the tools work according to spec?
> > Obviously it's a bug in Perl, it would of course be reasonable to expect
> > that the encoding is done by the default IOLayer. Of course a "no
> > htmlencode" pragma will be grudgingly provided for the minority of code
> > that isn't a web application.
> Come on, don't be silly. Perl isn't sold as a web templating language.
But anything else it might do is a minority application right?
"Ideally suited to" is different to being "sold as".
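As an added example that is not part of the original thread: one way to check for the "missed at least one" case is to scan templates for output directives that lack the `html` filter. The function name, keyword list and sample template are assumptions made for illustration, and the matching is a heuristic rather than a full Template Toolkit parser.

```python
import re

# Heuristic keyword list (assumption): directives that do not print a variable.
NON_OUTPUT = {
    "IF", "ELSIF", "ELSE", "UNLESS", "END", "FOREACH", "FOR", "WHILE",
    "SET", "DEFAULT", "CALL", "BLOCK", "INCLUDE", "PROCESS", "WRAPPER",
    "INSERT", "MACRO", "USE", "FILTER", "SWITCH", "CASE", "NEXT", "LAST",
}

# [% ... %] with optional chomp flags such as [%- ... -%]
DIRECTIVE = re.compile(r"\[%[-+=~]?\s*(.*?)\s*[-+=~]?%\]", re.S)
# "value | html" or "value FILTER html" (html_entity also counts as escaping)
ESCAPED = re.compile(r"(?:\||\bFILTER\b)\s*(?:html_entity|html)\b")
# "name = expr" assigns and prints nothing
ASSIGNMENT = re.compile(r"^[\w.]+\s*=(?!=)")


def unescaped_outputs(template):
    """Return (line_number, directive) for output directives without an html filter."""
    findings = []
    for m in DIRECTIVE.finditer(template):
        body = m.group(1)
        if not body or body.startswith("#"):      # empty tag or [%# comment %]
            continue
        first_word = body.split(None, 1)[0]
        if first_word in NON_OUTPUT or ASSIGNMENT.match(body):
            continue
        if ESCAPED.search(body):
            continue
        line_number = template.count("\n", 0, m.start()) + 1
        findings.append((line_number, m.group(0)))
    return findings


# Constructed sample template: two of the interpolations were left unfiltered.
SAMPLE = """<h1>[% title | html %]</h1>
[% IF user %]
  <p>Welcome back, [% user.name | html %]</p>
  <p>Last search: [% query %]</p>
[% END %]
[%# reviewer note %]
[% total = price * qty %]
<a href="/u/[% user.id FILTER html %]">[%- user.nick -%]</a>
"""

if __name__ == "__main__":
    for line_number, directive in unescaped_outputs(SAMPLE):
        print(f"line {line_number}: {directive} has no html filter")
```

Output that is intentionally raw (the PostScript, RTF or LaTeX cases raised in the thread) will also be reported, so findings need review rather than automatic rewriting.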