12 Feb 2018, 5:41 p.m.
On Sun, 11 Feb 2018 00:45:13 +0100 Lutz Gehlen <lrg_ml@gmx.net> wrote:
> On Saturday, 10.02.2018 09:16:52 Hermann Calabria wrote:
>> Why not use TT’s native FILTER capability:
>> <% somehtml FILTER html %>
> The reason is that the application has many templates with many output sections that need to be filtered. To add the html filter to each of these places would be both cumbersome and error-prone.

Agreed. Having taken the FILTER approach until now, I have come to the conclusion that some will always be missed at some point in the application's development, leading to potential XSS vulnerabilities.

Andy
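The concern raised in this thread, that with many templates some `FILTER html` will eventually be forgotten, can be turned into a regression check. The script below is an added example, not code from the thread or from the application being discussed; it assumes the CPAN `Template` module is installed, uses the `<% %>` tag style shown above (TT's default is `[% %]`), and stands in two constructed templates (`filtered.tt`, `unfiltered.tt`) for the application's real ones. It renders every template with a harmless sentinel string in the user-controlled variable and reports each template that echoes the sentinel unescaped, i.e. each output section where the filter was missed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Template;

# Template Toolkit configured for the <% %> directive style used in the
# thread.  Assumed configuration; the application's own setup is not shown.
my $tt = Template->new({
    START_TAG => '<%',
    END_TAG   => '%>',
}) or die Template->error;

# Constructed stand-ins for "many templates with many output sections".
# One section applies the html filter, the other was missed.
my %templates = (
    'filtered.tt'   => '<p><% comment FILTER html %></p>',
    'unfiltered.tt' => '<p><% comment %></p>',
);

# Render one named template with the given variables and return the output.
sub render {
    my ($name, $vars) = @_;
    my $out = '';
    $tt->process(\$templates{$name}, $vars, \$out)
        or die "$name: " . $tt->error;
    return $out;
}

# A benign sentinel containing the characters the html filter must escape.
# It can only appear verbatim in the output if escaping was skipped.
my $sentinel = '<tt-escape-check>';

# Return the names of all templates that echo the sentinel unescaped.
sub find_unescaped_sections {
    my @missed;
    for my $name (sort keys %templates) {
        my $html = render($name, { comment => $sentinel });
        push @missed, $name if index($html, $sentinel) >= 0;
    }
    return @missed;
}

my @missed = find_unescaped_sections();
print "OK: every output section escapes its variable\n" unless @missed;
print "MISSING html filter: $_\n" for @missed;
exit(@missed ? 1 : 0);
```

In a real project the `%templates` hash would be replaced by a loop over the template directory, and each user-supplied variable the templates read would be set to the sentinel in turn. Running this in CI after every template change catches the case Andy describes, a section added later without the filter, before it reaches production; it does not replace escaping, it only detects where escaping is absent.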