perl-dev mailing list archives

From: Stas Bekman
Subject: Re: [Patch 1.3] Apache::Util::escape_html()
Date: Thu, 14 Nov 2002 07:07:00 GMT

Per Einar Ellefsen wrote:

>>> basically, Martin has asked for single quotes to be automatically
>>> escaped by escape_html(), alongside the other 4 escapes (<, >, &, ").
>> Don't we have a problem with backwards compatibility here? If people 
>> were adding extra code to escape ' without checking that it's already 
>> escaped, now if we do it in escape_html(), there is a problem as it'd 
>> be escaped twice. Thus this change will break other people's code.
> If it's already escaped, it can't be escaped one more time, because when 
> escaped it's become &apos;, so there's no single quote there to escape 
> again. So no backward compatibility problem.

Look what brain damage these long vacations do to people. Next time you 
think to have a long break, just say 'No!'. :)

Thanks for recovering some of my lost cells Per Einar.

>> Perhaps, escape_html() could optionally accept a range of chars to 
>> escape similar to HTML::Entities::encode_entities, and then the 
>> problem is solved without breaking anything.
> I think this is going a little too far, especially for 1.0. I think we 
> should just make this small change, and leave it as is afterwards.


Though it won't really matter much as the next 1.0 release probably 
won't happen any time soon :)

Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker     mod_perl Guide --->
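
An added example, not part of the original message and not mod_perl's own code: the hypothetical `escape_with`, `escape_four` and `escape_five` below stand in for the four-character and five-character escaping discussed in this thread, and compare their output for a single-quoted attribute and for callers who escape `'` by hand. The `&apos;` spelling follows the thread's wording, and the sample value is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-ins for the behaviour discussed in the thread; this is
# NOT the Apache::Util::escape_html() implementation.
my %FOUR = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
my %FIVE = (%FOUR, "'" => '&apos;');   # entity spelling as used in the thread

sub escape_with {
    my ($map, $text) = @_;
    my $class = join '', map { quotemeta($_) } keys %$map;
    # Single pass: each source character is replaced at most once, so the
    # '&' produced by a replacement is never re-scanned within one call.
    (my $out = $text) =~ s/([$class])/$map->{$1}/g;
    return $out;
}

sub escape_four { escape_with(\%FOUR, shift) }
sub escape_five { escape_with(\%FIVE, shift) }

# Constructed sample input destined for a single-quoted attribute.
my $value = q{Bob' title='injected};

# With four escapes the raw ' closes the attribute early; with five it cannot.
printf "four escapes: <input value='%s'>\n", escape_four($value);
printf "five escapes: <input value='%s'>\n", escape_five($value);

# Caller that escaped ' by hand BEFORE calling the escaper.
(my $pre = $value) =~ s/'/&apos;/g;
print "pre-escaped, four: ", escape_four($pre), "\n";
print "pre-escaped, five: ", escape_five($pre), "\n";
# Both lines are identical: no raw ' is left for the new rule to match, and
# the '&' of the hand-written entity is re-encoded by the '&' rule either way.

# Caller that escapes ' by hand AFTER calling the escaper.
(my $post4 = escape_four($value)) =~ s/'/&apos;/g;
(my $post5 = escape_five($value)) =~ s/'/&apos;/g;
print "post-escaped results equal: ", ($post4 eq $post5 ? "yes" : "no"), "\n";
```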
