Deron Meranda
deron.meranda at gmail.com
Tue Nov 22 17:07:29 EST 2005
On 11/22/05, Jorey Bump <list at joreybump.com> wrote:
> But you will still need to use
> something like cgi.escape() when pulling strings from the db and
> printing them to a browser.

Remember when using cgi.escape that if you're writing something to an element attribute (anything inside a tag, between < and >) you should call it via cgi.escape(string, True), not just cgi.escape(string).

If you use Myghty's m.apply_escape(), it is already always safe whether in an attribute or just normal content.

Also remember the Myghty escape type 'x' can be used for any XML document, whereas 'h' should only be used for HTML.

--
Deron Meranda
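An added illustration of the content-versus-attribute distinction made above; this is not code from the thread or from Myghty. It uses current Python, where cgi.escape has been removed and html.escape(s, quote=True) plays the role of cgi.escape(s, True), and it parses the rendered tag back to show which variant keeps the attribute intact.

```python
import html
from html.parser import HTMLParser

# Constructed sample value containing a double quote, an ampersand and a tag.
SAMPLE = 'Say "hi" & <b>bye</b>'


def escape_content(s: str) -> str:
    """Escape for element content only: &, <, > (what cgi.escape(s) did)."""
    return html.escape(s, quote=False)


def escape_attr(s: str) -> str:
    """Escape for attribute values: &, <, > and also quotes
    (what cgi.escape(s, True) did for the double quote)."""
    return html.escape(s, quote=True)


def render_title_tag(value: str, escaper) -> str:
    """Place the value inside a double-quoted title attribute."""
    return '<span title="%s">x</span>' % escaper(value)


class _TitleGrabber(HTMLParser):
    """Minimal parser that records the title attribute of the first <span>."""

    def __init__(self):
        super().__init__()
        self.title = None

    def handle_starttag(self, tag, attrs):
        if tag == "span" and self.title is None:
            self.title = dict(attrs).get("title")


def parsed_title(tag_html: str):
    """Return the title attribute a browser-like parser would see."""
    p = _TitleGrabber()
    p.feed(tag_html)
    p.close()
    return p.title


def round_trips(value: str, escaper) -> bool:
    """True if escaping with `escaper` lets the attribute survive parsing."""
    return parsed_title(render_title_tag(value, escaper)) == value
```

The unquoted form leaves the embedded `"` untouched, so the parser ends the attribute early and the rest of the value spills into the tag; the quoted form survives the round trip.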