On Fri, Aug 1, 2008 at 7:36 PM, Platonides <Platonides(a)gmail.com> wrote:
You would replace ">" by "
>" here as it's an operator. But if it's in a
string you want to replace with "+"> or '+'>
Perhaps forbidding is the easiest wayy, and make the developers struggle
around it, as they did for years with </script>
Yes, that's my thought. It's easy to work around manually on a
case-by-case basis, not so easy to work around in the software.