Pathologically Eclectic Rubbish Lister | |
PerlMonks |
Re^2: Preventing XSS (sg)by tye (Sage) |
on Sep 19, 2007 at 20:48 UTC ( [id://639996]=note: print w/replies, xml ) | Need Help?? |
Note that I see no reason to encode quote characters here. It isn't like the result is being placed into an attribute value. (: And I probably wouldn't encode all ampersands since they are useful and rather low risk. If you are worried about the little-supported javascriptish ampersand stuff, then I'd only encode those ampersands. But I guess taking something useful away from users out of combined fear and laziness is not a shockingly rare result. Which leaves us with a couple of simple regexes and little reason to use a module:
- tye
In Section
Seekers of Perl Wisdom
|
|