From: drieux <[EMAIL PROTECTED]>
> On Friday, April 12, 2002, at 07:55 , Jenda Krynicky wrote:
>
> > No it will not.
>
> just figured that out....
> [..]
> > This is the safest method:
> >
> > use HTML::Entities;
> > $hiddenField = encode_entities(param('hiddenField'));
> >
> > $html = qq{<input type=hidden name=something
> > value="$hiddenField">};
> >
> > Jenda
>
> I think I also support Nikola Janceski in that the problem
> really needs to be done using CGI.pm - vice trying to hand
> craft the lines......
Yes, if you can use that I fully agree you should, but if you have
some html "template" you fill in you have to make sure you escape
your data yourself :-)
But of course as always you have to make sure you do not quote
twice ... but that's a smaller bug since that's easier to find :-)
Jenda
=========== [EMAIL PROTECTED] == http://Jenda.Krynicky.cz ==========
There is a reason for living. There must be. I've seen it somewhere.
It's just that in the mess on my table ... and in my brain
I can't find it.
--- me
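
The template case described in this message, as an added example that is not part of the original post: it fills one hand-written template line without escaping, escaped once with `encode_entities`, and escaped twice, then shows what value each would submit back. The sample input and the helpers `hidden_input` and `submitted_value` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities qw(encode_entities decode_entities);

# Constructed input standing in for param('hiddenField'). The double
# quote would end a value="..." attribute if written out as-is.
my $raw = q{Alice "Al" <al@example.com> & friends};

# Hypothetical helper: fill one hand-written template line, escaping
# exactly once, at the point where data meets markup.
sub hidden_input {
    my ($name, $value) = @_;
    return sprintf '<input type="hidden" name="%s" value="%s">',
        encode_entities($name), encode_entities($value);
}

# Approximates what a browser would send back for the field: the text
# between the attribute quotes, with entities decoded once.
sub submitted_value {
    my ($html) = @_;
    my ($attr) = $html =~ /value="([^"]*)"/;
    return decode_entities($attr);
}

my %variant = (
    # No escaping: the first quote in the data closes the attribute.
    unescaped => qq{<input type="hidden" name="something" value="$raw">},
    # Escaped once, on output.
    escaped   => hidden_input('something', $raw),
    # Escaped on input and again on output: the "quote twice" bug.
    twice     => hidden_input('something', encode_entities($raw)),
);

for my $name (qw(unescaped escaped twice)) {
    my $back = submitted_value($variant{$name});
    printf "%-9s %s\n  comes back as: %s (%s)\n",
        $name, $variant{$name}, $back,
        $back eq $raw ? 'intact' : 'CHANGED';
}
```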