On Tue, Mar 06, 2007 at 02:53:07AM -0800, Junio C Hamano wrote: > But then you are letting _other_ mod_perl users to affect your > behaviour, aren't you? "sub autoEscape" does this: Yes (but I don't know how mod_perl works, and I haven't been able to find a simple answer by skimming the docs). > If we worry about mod_perl (provided if $CGI::Q is shared across > mod_perl users), I suspect we would need to be a bit more > paranoid, perhaps like this, woudln't we? > [...] > +$cgi->autoEscape(1); That rebreaks the original problem, though. Calling escapeHTML doesn't look at $cgi, it looks at $Q (the "default" CGI object). I believe escape is _already_ set to 1 for $cgi (which is why the $cgi->escapeHTML patch worked). -Peff - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html