If we have some text like "this &amp; that" then by default we escape the & to "this &amp;amp; that" which is a bit silly. I wonder if we should by default auto-detect entity references in the markup/text and not escape them?
see the discussion here: http://groups.google.com/group/scalate/browse_thread/thread/6231fc39c6f769b8
I think a very clear rule should be that content from variables is escaped, but statically typed content is not. And this has to do with context. If it's statically typed in the HTML form, you can be expected to type it correctly. A variable is typically sourced from something else and cannot have the same expectation.
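The two escaping policies discussed in this ticket, side by side, as an added example that is not Scalate code and not part of the original thread. The function names and the `(kind, text)` template model are assumptions made for illustration, and the sample strings are constructed.

```python
import re
from html import escape, unescape

# A well-formed named, decimal or hex character reference, e.g. &amp; &#38; &#x26;
ENTITY = re.compile(r"&(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);")


def escape_all(text):
    """Context-free escaping: every '&', '<', '>' and quote is escaped."""
    return escape(text, quote=True)


def escape_keep_entities(text):
    """The ticket's proposal: escape markup but pass existing entities through."""
    out, pos = [], 0
    for m in ENTITY.finditer(text):
        out.append(escape(text[pos:m.start()], quote=True))
        out.append(m.group(0))  # detected entity is left untouched
        pos = m.end()
    out.append(escape(text[pos:], quote=True))
    return "".join(out)


def round_trips(escaper, text):
    """True if a browser decoding the output would show exactly `text`."""
    return unescape(escaper(text)) == text


def render(parts):
    """The commenter's rule: static template text is emitted as typed,
    variable content is always escaped. `parts` is a list of (kind, text)
    with kind 'static' or 'var' (hypothetical template model)."""
    return "".join(escape_all(t) if kind == "var" else t for kind, t in parts)


if __name__ == "__main__":
    # Constructed inputs.
    print(escape_all("this &amp; that"))            # double-escaped static text
    print(escape_keep_entities("this &amp; that"))  # entity preserved
    # Variable data that literally contains an entity is silently altered
    # by auto-detection, while full escaping shows it exactly as entered.
    user_text = "write &lt; to show a less-than sign"
    print(round_trips(escape_all, user_text), round_trips(escape_keep_entities, user_text))
    print(render([("static", "<p>this &amp; that: "),
                  ("var", "Q&A <script>"), ("static", "</p>")]))
```

Both escapers neutralize `<` and `>`, so the difference is fidelity of untrusted data rather than tag injection: only full escaping of variables guarantees the reader sees what was stored.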