On Friday, April 12, 2002, at 09:51 , Jenda Krynicky wrote:
[..]
> Keep in mind that the user might have entered those ", < > <B> and others. So if you want them to survive you have to escape
> them. Even if that would mean the page will contain
>
> <input type=hidden name=foo value="1 &lt; 2">
>
> if the user entered
> 1 < 2

YIKES!!!!!

what is the perl module for 'fix broken end user'?

Or is this more a problem of using the 'hidden' approach for carrying state information from one invocation to the next???

Given the original concern to 'retain' the "This Quote" in the hidden field, there is now the problem of decode_entities perchance more than once???

original input: "This Quote"
saved as hidden: $quot;This Quote$quot;

so the

    $hiddenValue = param('hiddenValue');

would return it as "This Quote" or as '$quot;This Quote$quot;' ???

ciao
drieux

---
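
The round trip discussed in this thread, as an added example that is not part of either message: the value is entity-escaped once on output, the browser's HTML parser decodes it once, and param() hands back the original text, so a further decode_entities on the server alters the data. It assumes CGI, HTML::Entities and URI::Escape are installed; browser_submit is a hypothetical, simplified stand-in for the browser, and the inputs are constructed samples.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI ();
use HTML::Entities qw(encode_entities decode_entities);
use URI::Escape qw(uri_escape);

# Hypothetical stand-in for the browser: read the value attribute, decode
# character references once (as an HTML parser does), then URL-encode the
# result the way a form submission would.
sub browser_submit {
    my ($html) = @_;
    my ($attr) = $html =~ /value="([^"]*)"/;
    return 'hiddenValue=' . uri_escape(decode_entities($attr));
}

# Constructed sample inputs; the last one contains a literal "&lt;" typed
# by the user, which is where an extra decode does damage.
for my $input ('"This Quote"', '1 < 2', 'type &lt; for less-than') {
    my $fmt = '<input type="hidden" name="hiddenValue" value="%s">';

    # Escape exactly once, at the point the value is written into the page.
    my $safe  = sprintf $fmt, encode_entities($input, '<>&"');
    # The same field with no escaping, for comparison.
    my $naive = sprintf $fmt, $input;

    # CGI->new accepts a query string; param() in scalar context returns
    # the URL-decoded value and performs no entity decoding of its own.
    my $got       = CGI->new(browser_submit($safe))->param('hiddenValue');
    my $got_naive = CGI->new(browser_submit($naive))->param('hiddenValue');

    print "input:                 $input\n";
    print "escaped field:         $safe\n";
    print "param() returns:       $got\n";
    print "round trip intact:     ", ($got eq $input ? 'yes' : 'NO'), "\n";
    print "without escaping:      $got_naive\n";
    print "after an extra decode: ", decode_entities($got), "\n\n";
}
```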