Not having used CGI::Lite before, I never noticed that function, but I have to admit that I'm a bit puzzled. It seems to me that an experienced programmer should have noticed something named escape_dangerous_characters() before this. Trying to eliminate the dangerous is far more difficult than simply allowing the safe.

Allow for too few "safe" characters, you restrict your functionality; allow for too few "dangerous" characters and you restrict your paychecks.

Cheers,
Ovid

New address of my CGI Course.
Silence is Evil (feel free to copy and distribute widely - note copyright text)