Forum OpenACS Q&A: Re: Security hole in ad_form (may change behavior of ad_form to fix!)

I'm lost, is the [ or $ passed in by the user or just in the call to ad_form. If this is just in ad_form, what is the issue?