perl-dev mailing list archives

From Geoffrey Young <ge...@modperlcookbook.org>
Subject [Patch 1.3] Apache::Util::escape_html()
Date Wed, 13 Nov 2002 17:02:48 GMT
hi all...

    below is a patch, created (mostly) by darren, for functionality requested by a user.

    basically, Martin has asked for single quotes to be automatically escaped by
escape_html(), alongside the other 4 escapes (<, >, &, ").  see
http://marc.theaimsgroup.com/?t=103679074800006&r=1&w=2 for the complete discussion.

I know we've been down the road to escape_html() expansion before
(http://marc.theaimsgroup.com/?l=apache-modperl-cvs&m=101708056429561&w=2) but I think
this might have some merit.  now, I'm not an RFC guru, but the HTML 4.01 spec
(http://www.w3.org/TR/html4/html40.txt) says this:

"By default, SGML requires that all attribute values be delimited using either double
quotation marks (ASCII decimal 34) or single quotation marks (ASCII decimal 39). Single
quote marks can be included within the attribute value when the value is delimited by
double quote marks, and vice versa. Authors may also use numeric character references to
represent double quotes (&#34;) and single quotes (&#39;). For double quotes authors can
also use the character entity reference &quot;."

single quotes still are not listed with the four others in 5.3.2, but the wording there
makes me think that these four are just (common) examples.

so, I dunno whether this is a good idea or not, but I guess I figured somebody should put
it out there for consideration.

--Geoff

Index: Changes
===================================================================
RCS file: /home/cvs/modperl/Changes,v
retrieving revision 1.656
diff -u -r1.656 Changes
--- Changes	13 Aug 2002 03:18:48 -0000	1.656
+++ Changes	13 Nov 2002 16:54:14 -0000
@@ -10,6 +10,10 @@

   =item 1.27_01-dev

+extend Apache::Util::escape_html() to escape single quotes
+[darren chamberlain <dlc@users.sourceforge.net>,
+ Marcin Kasperski <Marcin.Kasperski@acn.waw.pl>]
+
   document the server_root_relative() method [Stas Bekman <stas@stason.org>]

   eliminate warnings when flushing functions with empty () prototypes in
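
Review bot: the credit line added to the 1.27_01-dev entry names Marcin Kasperski, while the cover message calls the requester Martin; confirm the spelling before this is committed. The entry would also be more useful if it said that the quote is emitted as the numeric reference &#39;, since that is a visible change in output for existing callers.
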
Index: src/modules/perl/Util.xs
===================================================================
RCS file: /home/cvs/modperl/src/modules/perl/Util.xs,v
retrieving revision 1.11
diff -u -r1.11 Util.xs
--- src/modules/perl/Util.xs	25 Mar 2002 18:45:23 -0000	1.11
+++ src/modules/perl/Util.xs	13 Nov 2002 16:54:14 -0000
@@ -45,6 +45,8 @@
   	    j += 4;
           else if (s[i] == '"')
   	    j += 5;
+        else if (s[i] == '\'')
+	    j += 5;

       if (j == 0)
   	return newSVpv(s,i);
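
Review bot: the counting branch added here for '\'' uses "j += 5", but the copy pass in the next hunk writes the five bytes of "&#39;" and advances j by 4, so each single quote grows the output by 4 (like the "j += 4" branch in the context above), not by 5 as "&quot;" does. As written the first pass over-counts by one byte per single quote; that errs on the large side, but the two passes should agree. Suggest "j += 4;" for this branch.
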
@@ -66,6 +68,10 @@
   	else if (s[i] == '"') {
   	    memcpy(&SvPVX(x)[j], "&quot;", 6);
   	    j += 5;
+	}
+	else if (s[i] == '\'') {
+	    memcpy(&SvPVX(x)[j], "&#39;", 5);
+	    j += 4;
   	}
   	else
   	    SvPVX(x)[j] = s[i];
Index: t/net/perl/util.pl
===================================================================
RCS file: /home/cvs/modperl/t/net/perl/util.pl,v
retrieving revision 1.15
diff -u -r1.15 util.pl
--- t/net/perl/util.pl	19 Jun 2002 16:31:52 -0000	1.15
+++ t/net/perl/util.pl	13 Nov 2002 16:54:15 -0000
@@ -3,7 +3,7 @@
   use Apache::test;
   $|++;
   my $i = 0;
-my $tests = 7;
+my $tests = 8;

   my $r = shift;
   $r->send_http_header('text/plain');
@@ -74,6 +74,18 @@

   #print $esc_2;
   test ++$i, $esc eq $esc_2;
+
+# add a test for single quotes
+my $quotes = qq{let's <include> some "quotes" & stuff};
+
+my $quoted1 = Apache::Util::escape_html($quotes);
+#print $quoted1;
+
+my $quoted2 = HTML::Entities::encode($quotes, qq{><&"'});
+#print $quoted2;
+
+test ++$i, $quoted1 eq $quoted2;
+
   use Benchmark;

   =pod
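
Review bot: the new test only checks that escape_html() agrees with HTML::Entities::encode(), so it passes for whatever form that module gives a single quote and never pins the "&#39;" that Util.xs writes. Suggest also comparing $quoted1 against the literal expected string, and adding an input with several single quotes, including one at the very end of the string, so the length accounting of the count pass is exercised. The hunk does not show HTML::Entities being loaded; check that it is in scope in util.pl.
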





---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org
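
Added example, not part of the original message or of the mod_perl source: a stand-alone C version of the count-then-copy escaping discussed above, with the single quote included and both passes driven by one table so the size count and the copy cannot drift apart. The names escape_html5, entity_for and input_tag are hypothetical, and plain malloc'd strings stand in for Perl SVs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Replacement for a byte, or NULL when the byte is copied unchanged. */
static const char *entity_for(char c)
{
    switch (c) {
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '&':  return "&amp;";
    case '"':  return "&quot;";
    case '\'': return "&#39;";  /* numeric reference, as in the quoted spec text */
    default:   return NULL;
    }
}

/* Escaped copy of s; caller frees. NULL on allocation failure. */
char *escape_html5(const char *s)
{
    size_t len = 0;
    const char *p, *e;
    char *out, *w;

    /* Pass 1: exact output size, taken from the entity's own length. */
    for (p = s; *p; p++)
        len += (e = entity_for(*p)) ? strlen(e) : 1;
    if (!(out = malloc(len + 1)))
        return NULL;
    /* Pass 2: copy using the same table, so count and copy cannot disagree. */
    for (p = s, w = out; *p; p++) {
        if ((e = entity_for(*p))) { memcpy(w, e, strlen(e)); w += strlen(e); }
        else *w++ = *p;
    }
    *w = '\0';
    return out;
}

/* Hypothetical caller: emits the value inside a single-quoted attribute. */
char *input_tag(const char *value)
{
    char *esc = escape_html5(value), *tag = NULL;
    if (esc && (tag = malloc(strlen(esc) + sizeof "<input value=''>")))
        sprintf(tag, "<input value='%s'>", esc);
    free(esc);
    return tag;
}

int main(void) { char *t = input_tag("O'Reilly"); if (t) puts(t); free(t); return 0; }
```

With the quote escaped, the attribute delimiter in the generated tag is the only unescaped single quote, whichever quoting style the template author chose.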

