in reply to default_escape for Template::Toolkit?
wow, interesting, that so few seem interested.
default_escape is IMHO the solution against XSS.
since i know it i don't want to miss it. it's so comfortable to
create templates while knowing that you can't forget to html-escape. at the same time you often stumble across embarrassing
XSS issues on other pages, and you can be sure that this very
probably won't happen to you.
so why seem most of the TT users here not to be interested? what do you do to prevent XSS reliably?