[Zope] Zope inserting base tag
Dylan Reinhardt
zope@dylanreinhardt.com
Thu, 27 Feb 2003 13:12:50 -0800
At 12:28 PM 2/27/2003, Jamie Heilman wrote:
>Jaroslav Lukesh wrote:
> > OK, this kind of question is here every month. Use mixed HTML/DTML
> > construction:
> >
> > <base href="<dtml-var URL1>">
>
>No. You mean <base href="&dtml-URL1;">. Never place
>client-controlled data into a document without the proper contextual
>escaping.

By "proper contextual escaping" do you mean automatic HTML quoting? Last I
heard, that was the only difference between the two syntaxes. HTML quoting
is great for echoing back client input safely, but it's hard to see the
urgency in this case.

Or does entity syntax now provide something I'm unaware of?

Dylan
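
Added example, not part of the original message and not Zope code: a Python sketch of the difference the thread is discussing, comparing what an HTML parser sees when a URL value is placed in the `href` attribute raw versus HTML-quoted. The function names, the sample URL, and the use of `html.escape` as a stand-in for DTML's HTML quoting are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser


def render_raw(url1):
    """Models <base href="<dtml-var URL1>">: value inserted unescaped."""
    return '<base href="%s">' % url1


def render_quoted(url1):
    """Models <base href="&dtml-URL1;">: value HTML-quoted first.
    Assumption: html.escape approximates the quoting DTML applies."""
    return '<base href="%s">' % escape(url1, quote=True)


class BaseTagAttrs(HTMLParser):
    """Records the attributes a parser actually sees on <base>."""

    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        if tag == "base":
            self.attrs = attrs


def parsed_attrs(markup):
    parser = BaseTagAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs


def attribute_names(markup):
    return [name for name, _ in parsed_attrs(markup)]


# Constructed sample: a URL value that contains a double quote, as can
# happen when part of the URL is taken from the request.
SAMPLE_URL1 = 'http://example.test/folder" data-injected="1'

if __name__ == "__main__":
    for render in (render_raw, render_quoted):
        out = render(SAMPLE_URL1)
        print(render.__name__, out, attribute_names(out))
```

With the raw form the quote ends the `href` value early and the rest of the string becomes a second attribute; with the quoted form the parser recovers the whole value as a single `href`.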