[Zope] combining form variables and URL values

Dylan Reinhardt zope@dylanreinhardt.com
10 Jun 2003 15:56:21 -0700


On Tue, 2003-06-10 at 15:14, Jamie Heilman wrote:
> Those last two lines should read:
> 
>   <input type="hidden" name="UID" value="&dtml-UID;" />
>   <input type="hidden" name="skin" value="&dtml-skin;" />
> 
> When giving examples, I find it best to refrain from introducting
> blatant cross site scripting holes.

A very good point.  I still use the regular syntax out of habit, and the
reminder is appreciated.  :-)

Dylan