[Zope] Zope inserting base tag

Dylan Reinhardt zope@dylanreinhardt.com
Thu, 27 Feb 2003 13:12:50 -0800


At 12:28 PM 2/27/2003, Jamie Heilman wrote:
>Jaroslav Lukesh wrote:
> > OK, these kinds of questions are here every month. Use mixed HTML/DTML
> > construction:
> >
> > <base href="<dtml-var URL1>">
>
>No.  You mean <base href="&dtml-URL1;">.  Never place
>client-controlled data into a document without the proper contextual
>escaping.

By "proper contextual escaping" do you mean automatic HTML quoting?  Last I 
heard, that was the only difference between the two syntaxes.  HTML quoting 
is great for echoing back client input safely, but it's hard to see the 
urgency in this case.

Or does entity syntax now provide something I'm unaware of?


Dylan
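
Added example, not part of the original message: a simplified Python stand-in for the two DTML forms quoted above, showing how each renders a `URL1` value with and without a double quote in it. It is not Zope's DTML engine; `html.escape` is assumed here in place of Zope's HTML quoting, and the `URL1` values are constructed.

```python
import html
import re
from html.parser import HTMLParser

# Simplified stand-in for the two DTML forms in the thread (not Zope's engine):
#   <dtml-var NAME>  inserts the value as-is
#   &dtml-NAME;      inserts the value HTML-quoted (html.escape assumed here)
_TOKEN = re.compile(r"<dtml-var\s+(\w+)>|&dtml-(\w+);")

def render(template, namespace):
    def substitute(match):
        if match.group(1):
            return str(namespace[match.group(1)])
        return html.escape(str(namespace[match.group(2)]), quote=True)
    return _TOKEN.sub(substitute, template)

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parse_tags(markup):
    """Return the start tags an HTML parser sees in the rendered markup."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

TAG_FORM = '<base href="<dtml-var URL1>">'
ENTITY_FORM = '<base href="&dtml-URL1;">'

# Constructed sample values, not taken from the thread.
PLAIN = {"URL1": "http://www.example.com/folder"}
QUOTED = {"URL1": 'http://example.invalid/"><i id="injected">'}

if __name__ == "__main__":
    for label, ns in (("plain", PLAIN), ("with quote", QUOTED)):
        for template in (TAG_FORM, ENTITY_FORM):
            out = render(template, ns)
            print(f"{label:10} {template:32} -> {parse_tags(out)}")
```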