On Fri, 28 Mar 2003, Lee Daniel Crocker wrote:
(Nick Reinking
<nick(a)twoevils.org>)g>):
<SCRIPT TYPE="text/javascript"> (capitalization suckiness)
I did settle on lowercase tags--somebody else added that SCRIPT,
which I'd love to remove as soon as I figure out what it's there
for.
That's for the optional 'enhanced recentchanges', I believe. It should be
moved to a .js file and only referenced when using said enhanced
recentchanges.
Quotes are trickier: I can't just change them all
unilaterally
because they are chosen based on the possible values of the
attribute: i.e., those that might possibly contain single quotes
are put in doubles, and vice versa.
Better IMHO to always use htmlspecialchars() to escape attribute values
that aren't guaranteed to be safe (like integers that you've just
calculated). Reduces the nasty-mistake potential.
-- brion vibber (brion @
pobox.com)