[cgiapp] Re: Nothing fancy but IE chokes?
Michael Peters
mpeters at plusthree.com
Tue Jan 1 17:49:18 EST 2008
Robert Hicks wrote:
> You are right *but* the code for that comes from:
>
> <title>[% webpage_title %]</title>
This probably isn't your problem, but all input that goes in your templates
should be HTML escaped unless you know it has been earlier. TT makes this very easy:
<title>[% webpage_title | html %]</title>
Not only will this allow your variables to contain things like "&" and "<"
without problems, but it will also protect you against XSS attacks.
--
Michael Peters
Developer
Plus Three, LP
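
The escaping described in the message above, as an added example that is not part of the original post: a Perl script that renders the same variable with and without Template Toolkit's html filter. The title value and the template strings are constructed for illustration, and the script assumes the Template module is installed.

```perl
#!/usr/bin/perl
# Added example, not code from the original thread.
use strict;
use warnings;
use Template;

my $tt = Template->new() or die Template->error();

# Constructed input: a title containing "&" and markup that would close the
# <title> element if it reached the page unescaped.
my %vars = ( webpage_title => q{Q&A </title><script>alert(1)</script>} );

my %templates = (
    unescaped => '<title>[% webpage_title %]</title>',
    escaped   => '<title>[% webpage_title | html %]</title>',
);

for my $name (qw(unescaped escaped)) {
    my $out = '';
    # A scalar reference is treated as template text rather than a file name.
    $tt->process( \$templates{$name}, \%vars, \$out ) or die $tt->error();

    # Count the tags in the rendered output: the template itself supplies
    # exactly two (<title> and </title>); anything more came from the data.
    my $tags = () = $out =~ /<[^>]+>/g;
    printf "%-9s %s\n", "$name:", $out;
    printf "%-9s %d tags in output%s\n", '', $tags,
        $tags > 2 ? ' (markup from the variable reached the page)' : '';
}
```

The html filter converts only `&`, `<`, `>` and `"`, so it covers element content and double-quoted attribute values; it does not make a value safe inside a single-quoted attribute or a script block.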