[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Shocking omission in the Kepler platform
- From: Matt Campbell <mattcampbell@...>
- Date: Sat, 05 Jan 2008 14:02:55 -0600
Stefan Sandberg wrote:
So, if everything you want isn't provided to you, it's not serious anymore?
I wouldn't dare go that far. I understand that both the Lua project and
the Kepler project strive for simplicity and small size; that's what I
appreciate most about them both. I also realize that I can very easily
write my own HTML escape function; I already have.
However, few would dispute that the primary output format of CGI
programs is HTML; CGILua acknowledges this by providing other
conveniences for rendering HTML, such as Lua Pages. Moreover, most
non-trivial web applications must display user input, database records,
and other, potentially untrusted, non-HTML sources. Threfore, it seems
to me that an HTML escape function would be needed frequently enough to
be included in CGILua or some other Kepler package. That's why I was so
alarmed to learn that there is no such function in any of the Kepler
packages. Perhaps I over-reacted, but I still think an HTML escape
function should be included in CGILua.