perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <s...@stason.org>
Subject Re: [Patch 1.3] Apache::Util::escape_html()
Date Thu, 14 Nov 2002 02:11:45 GMT
Geoffrey Young wrote:
> hi all...
> 
>    below is a patch, created (mostly) by darren, for functionality 
> requested by a user.
> 
>    basically, Martin has asked for single quotes to be automatically 
> escaped by
> escape_html(), alongside the other 4 escapes (<, >, &, ").  

Don't we have a problem with backwards compatibility here? If people 
were adding extra code to escape ' without checking that it's already 
escaped, now if we do it in escape_html(), there is a problem as it'd be 
escaped twice. Thus this change will break other people's code.

Perhaps, escape_html() could optionally accept a range of chars to 
escape similar to HTML::Entities::encode_entities, and then the problem 
is solved without breaking anything.

__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org


Mime
View raw message