Hi all,

all of you who are working on DTL files know that we have $Data, $QData (HTML quoting) and $LQData (URL parameter encoding) to output data in DTLs dynamically.

When deciding which one to use, please from now always use $QData (in HTML context) or $LQData (in URLs). Even if you just output a simple $QData{"TicketID"}. Only use $Data if you have to output HTML data, like a select box that was generated by the perl code.

The benefit is that the DTL files become more readable, because you can see what the nature of a certain parameter is. The main reason is that $Data potentially causes security problems, and we therefore must limit its use as much as we can.

To sum up: don't use $Data unless you have to! This applies to all areas of development at OTRS, not just the framework itself.

Regards,
-- 
Martin Gruner
Developer R&D

OTRS AG
Europaring 4
94315 Straubing

T: +49 (0)6172 681988 0
F: +49 (0)9421 56818 18
I:  www.otrs.com/

Geschäftssitz: Bad Homburg, Amtsgericht: Bad Homburg, HRB 10751, USt-Nr.: DE256610065
Aufsichtsratsvorsitzender: Burchard Steinbild, Vorstand: André Mindermann

NEU: OTRS::ITSM 2.0 - jetzt mit dem brandneuen Change Management Modul. -Die erste ITIL® V3 kompatible 
und nach PinkVERIFY zertifizierte Open Source IT Service Management (ITSM) Lösung weltweit!