9 Apr 2003, 8:36 a.m.
michael.taƱag wrote:
thanks! it works! of course, making it work doesn't satisfy me; how it works makes me more satisfied. What are the "_[ ]" characters for? What do they do?
_[string] gets the object from the namespace (the "_"). I.e. <dtml-var spam> is the same (more or less) as <dtml-var "_['spam']">. There are some subtle differences though, which can be read up on the net.
Why is it good practice to have html quote?
You want to rule out the possibility that someone could inject valid html/javascript into your page, to prevent "Cross site scripting" attacks (-> google) for instance.

cheers, oliver
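The effect of html quoting described in the reply above, as an added example that is not part of the original post and is not Zope's own code. It is a simplified stand-alone model: the `render` function, the tag regex and the sample values are assumptions, and Python's `html.escape` stands in for DTML's `html_quote`.

```python
import html
import re

# Simplified subset of DTML: <dtml-var NAME> and <dtml-var NAME html_quote>.
_VAR = re.compile(r"<dtml-var\s+(\w+)(\s+html_quote)?\s*>")


def render(template, namespace):
    """Replace each tag with the value looked up by name in `namespace`.

    namespace[name] plays the role of _['name'] from the thread. The value
    is escaped only when the tag carries the html_quote attribute.
    """
    def substitute(match):
        value = str(namespace[match.group(1)])
        if match.group(2):
            # Stand-in for html_quote: & < > " ' become character entities,
            # so the browser shows the text instead of parsing it as markup.
            return html.escape(value, quote=True)
        return value  # inserted verbatim: markup in the value stays live
    return _VAR.sub(substitute, template)


# Constructed sample input: a form field echoed back into the page.
SAMPLE = {
    "comment": '<script>alert("x")</script>',
    "q": 'a" b="c',  # a double quote would end an attribute value early
}

UNQUOTED = render("<p><dtml-var comment></p>", SAMPLE)
QUOTED = render("<p><dtml-var comment html_quote></p>", SAMPLE)
# Escaping the double quote keeps the value inside the attribute.
ATTRIBUTE = render('<input value="<dtml-var q html_quote>">', SAMPLE)

if __name__ == "__main__":
    print("unquoted :", UNQUOTED)
    print("quoted   :", QUOTED)
    print("attribute:", ATTRIBUTE)
```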