Escaping in templates
Jouni Heikniemi
jth at mikrobitti.fi
Tue Feb 3 07:04:32 UTC 2004
>Do you url_quote anything which is part of a URL, and html anything else?
>Or is it not that simple? Do you ever need both?
I'd say it's that simple, if you want _really simple_ instructions. For
HTML, that is; for CSS and some extreme cases you may need to do a bit more
work. And no, you should never need both, since url_quote leaves no chars
that should be html-quoted.
The developers guide explains the differences between the filters quite
well (with examples!), but a simple rule would probably be good there, too.
Jouni
More information about the developers
mailing list