PHP - security etc
Simon Wilcox
essuu at ourshack.com
Thu Mar 8 15:13:21 GMT 2007
On Thu, 8 Mar 2007, Dominic Mitchell wrote:
> Mason works great for me:
>
> % $foo = "<b>@</b>";
> <% $foo %> # <b>@</b>
> <% $foo |n %> # <b>@</b>
And what does this output?
% $input = "<blink>I rulez</blink>"; # or a cgi param :-)
% $foo = "<b>$input</b>";
<% $foo %> #
<% $foo |n %> #
I don't think either is what you want, which is
<b><blink>I rulez</blink></b>
So you still have to deal with escaping html by hand. Or am I wrong here?
Simon.
--
"So long and thanks for all the fish"
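The point Simon is making, shown in plain Perl as an added example (not code from the thread, and not HTML::Mason itself): a small `escape_html` stands in for Mason's default output filter, and two one-line subs model what `<% $foo %>` and `<% $foo |n %>` do to a value. Everything in it is assumed for illustration, including the constructed `$input` and the `mason_default` / `mason_raw` names. It assumes, as the argument in the message requires, that the wanted output keeps the `<b>` tags live while the untrusted text is entity-escaped.

```perl
#!/usr/bin/perl
# Added example, not from the original thread. Plain Perl stand-in for
# Mason's default HTML filter and its |n (no filter) escape, showing why
# the escaping has to be applied to the untrusted piece, not to the wrapper.
use strict;
use warnings;

# Minimal HTML escaper (assumed stand-in for the template engine's default
# filter; a real application would use HTML::Entities or the engine's own).
sub escape_html {
    my ($s) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Model of <% $foo %>: the whole expression is escaped on output.
sub mason_default { my ($v) = @_; return escape_html($v) }

# Model of <% $foo |n %>: the expression is emitted untouched.
sub mason_raw { my ($v) = @_; return $v }

# Constructed untrusted input, standing in for a CGI parameter.
my $input = "<blink>I rulez</blink>";

# Wrapper built around the raw input, as in the thread.
my $foo = "<b>$input</b>";
print "default : ", mason_default($foo), "\n";  # bold tags AND payload escaped: nothing is bold
print "|n      : ", mason_raw($foo),     "\n";  # bold tags AND payload live: the injected markup runs

# The fix: escape the untrusted value before it is wrapped, then emit the
# composed string with |n. In a real Mason component the same result comes
# from keeping the markup in the template and filtering only the value:
#     <b><% $input %></b>
my $safe_foo = "<b>" . escape_html($input) . "</b>";
print "escaped : ", mason_raw($safe_foo), "\n";  # <b>&lt;blink&gt;I rulez&lt;/blink&gt;</b>
```

The first two prints are the two outputs Simon asks about: escaping the composed string neuters your own `<b>`, and `|n` on it lets the attacker's markup through. Only the third composition, where the default filter (or an explicit escape) is applied to the untrusted value alone, gives bold text containing the literal string.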