perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <>
Subject Re: [Patch 1.3] Apache::Util::escape_html()
Date Thu, 14 Nov 2002 02:11:45 GMT
Geoffrey Young wrote:
> hi all...
>    below is a patch, created (mostly) by darren, for functionality 
> requested by a user.
>    basically, Martin has asked for single quotes to be automatically 
> escaped by
> escape_html(), alongside the other 4 escapes (<, >, &, ").  

Don't we have a problem with backwards compatibility here? If people 
were adding extra code to escape ' without checking that it's already 
escaped, now if we do it in escape_html(), there is a problem as it'd be 
escaped twice. Thus this change will break other people's code.

Perhaps, escape_html() could optionally accept a range of chars to 
escape similar to HTML::Entities::encode_entities, and then the problem 
is solved without breaking anything.

Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker     mod_perl Guide --->

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message