Bug #15061 for HTML-Template: wish: add option to turn escape=html on default

RT for rt.cpan.org

This queue is for tickets about the HTML-Template CPAN distribution.

Report information

The Basics

Id:	15061
Status:	resolved
Priority:	0/
Queue:	HTML-Template

People

Owner:	Nobody in particular
Requestors:	mark [...] summersault.com
Cc:
AdminCc:

Bug Information

Severity:	Wishlist
Broken in:	2.7
Fixed in:	(no value)

History Show all quoted text

Fri Oct 14 13:45:53 2005 Guest - Ticket created

Subject:

wish: add option to turn escape=html on default

There should be an option to turn on "escape=html" by default, and then turn it off selectively with "escape=none" or another escaping option. This reduces vulnerability to XSS attacks and mirrors how "use strict / no strict" are recommended to be used. Mark

Mon Dec 05 16:04:52 2005 Guest - Correspondence added

From:

markstos [...] cpan.org

This idea was well received on the list, and patches and tests were submitted there to address the issue.

Thu Dec 22 12:11:51 2005 SAMTREGAR [...] cpan.org - Correspondence added

This is fixed in 2.8.

Thu Dec 22 12:11:52 2005 SAMTREGAR [...] cpan.org - Status changed from 'new' to 'resolved'

Sat Jun 10 10:06:26 2006 The RT System itself - Status changed from 'resolved' to 'open'

Mon Jan 29 14:42:42 2007 SAMTREGAR [...] cpan.org - Correspondence added

I don't know why RT reopened this - it really is fixed in 2.8, and it's better in 2.9 now that escape=none will work.

Mon Jan 29 14:42:44 2007 SAMTREGAR [...] cpan.org - Status changed from 'open' to 'resolved'