perl-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Per Einar Ellefsen <>
Subject Re: [Patch 1.3] Apache::Util::escape_html()
Date Thu, 14 Nov 2002 06:21:35 GMT
Hi Stas,

At 03:11 14.11.2002, Stas Bekman wrote:
>Geoffrey Young wrote:
>>hi all...
>>    below is a patch, created (mostly) by darren, for functionality 
>> requested by a user.
>>    basically, Martin has asked for single quotes to be automatically 
>> escaped by
>>escape_html(), alongside the other 4 escapes (<, >, &, ").
>Don't we have a problem with backwards compatibility here? If people were 
>adding extra code to escape ' without checking that it's already escaped, 
>now if we do it in escape_html(), there is a problem as it'd be escaped 
>twice. Thus this change will break other people's code.

If it's already escaped, it can't be escaped one more time, because when 
escaped it's become &apos;, so there's no single quote there to escape 
again. So no backward compatibility problem.

>Perhaps, escape_html() could optionally accept a range of chars to escape 
>similar to HTML::Entities::encode_entities, and then the problem is solved 
>without breaking anything.

I think this is going a little too far, especially for 1.0. I think we 
should just make this small change, and leave it as is afterwards.

Per Einar Ellefsen

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message