go ahead... be a heretic | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Note that I see no reason to encode quote characters here. It isn't like the result is being placed into an attribute value. (: And I probably wouldn't encode all ampersands since they are useful and rather low risk. If you are worried about the little-supported javascriptish ampersand stuff, then I'd only encode those ampersands. But I guess taking something useful away from users out of combined fear and laziness is not a shockingly rare result. Which leaves us with a couple of simple regexes and little reason to use a module:
- tye In reply to Re^2: Preventing XSS (sg)
by tye
|
|