On Fri, 28 Mar 2003, Lee Daniel Crocker wrote:
> > (Nick Reinking nick@twoevils.org):
> > <SCRIPT TYPE="text/javascript"> (capitalization suckiness)
>
> I did settle on lowercase tags--somebody else added that SCRIPT, which I'd love to remove as soon as I figure out what it's there for.

That's for the optional 'enhanced recentchanges', I believe. It should be moved to a .js file and only referenced when using said enhanced recentchanges.

> Quotes are trickier: I can't just change them all unilaterally because they are chosen based on the possible values of the attribute: i.e., those that might possibly contain single quotes are put in doubles, and vice versa.

Better IMHO to always use htmlspecialchars() to escape attribute values that aren't guaranteed to be safe (like integers that you've just calculated). Reduces the nasty-mistake potential.

-- brion vibber (brion @ pobox.com)
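
An added example (not part of the original thread and not MediaWiki's code) contrasting the two approaches discussed above: choosing the quote character from the expected value versus always escaping with htmlspecialchars(). The helper names and sample values are constructed for illustration; ENT_QUOTES is passed explicitly because PHP versions before 8.1 escape only double quotes by default.

```php
<?php
// Added illustration; helper names and sample values are constructed.

// Approach described in the thread: pick the quote character that the
// value is not expected to contain. Breaks when a value holds both kinds.
function attrByQuoteChoice(string $name, string $value): string {
    $q = (strpos($value, '"') === false) ? '"' : "'";
    return " $name=$q$value$q";
}

// Approach recommended in the reply: one quoting style, always escaped.
// ENT_QUOTES also encodes ' so the result is safe in either quote style.
function attrEscaped(string $name, string $value): string {
    return ' ' . $name . '="'
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '"';
}

// An integer calculated in code is guaranteed safe and needs no escaping.
function attrInt(string $name, int $value): string {
    return " $name=\"$value\"";
}

$samples = [
    'Main Page',
    "Crocker's Rules",
    'The "Big" Picture',
    'Both \' and " plus <b> & more',
];

foreach ($samples as $title) {
    echo "value:        $title\n";
    echo "quote choice: <a" . attrByQuoteChoice('title', $title) . ">\n";
    echo "escaped:      <a" . attrEscaped('title', $title) . ">\n\n";
}

echo '<td' . attrInt('colspan', 1 + 2) . ">\n";
```

For the last sample, the quote-choice output ends the attribute at the first apostrophe and leaves the rest as stray markup, while the escaped output keeps the whole value inside the attribute.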