1) The old code used a CGI variable called completion_javascript - this variable contained arbitrary javascript code that was eval'd on in the client browser. I have removed this code and put it in the resource file. The dsgw code will set completion_javascript to one of the 3 keywords, and the new function emit_completion_javascript will look up the code in the resource file and output it with any required arguments. It just seems like a really bad idea to execute arbitrary blobs of javascript passed in a CGI argument.
2) Make the checking for the template file names stricter.
3) Added many new tests.
4) When removing unused or duplicate LDAP Mods, if we remove the last one, just free the entire array.