perl-dev mailing list archives

From Per Einar Ellefsen <perei...@oslo.online.no>
Subject Re: [Patch 1.3] Apache::Util::escape_html()
Date Thu, 14 Nov 2002 06:21:35 GMT

Hi Stas,

At 03:11 14.11.2002, Stas Bekman wrote:
>Geoffrey Young wrote:
>>hi all...
>>    below is a patch, created (mostly) by darren, for functionality
>>    requested by a user.
>>    basically, Martin has asked for single quotes to be automatically
>>    escaped by escape_html(), alongside the other 4 escapes (<, >, &, ").
>
>Don't we have a problem with backwards compatibility here? If people were 
>adding extra code to escape ' without checking that it's already escaped, 
>now if we do it in escape_html(), there is a problem as it'd be escaped 
>twice. Thus this change will break other people's code.

If it's already escaped, it can't be escaped one more time, because when 
escaped it's become &apos;, so there's no single quote there to escape 
again. So no backward compatibility problem.

>Perhaps, escape_html() could optionally accept a range of chars to escape 
>similar to HTML::Entities::encode_entities, and then the problem is solved 
>without breaking anything.

I think this is going a little too far, especially for 1.0. I think we 
should just make this small change, and leave it as is afterwards.


-- 
Per Einar Ellefsen
pereinar@oslo.online.no
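
The two call orders behind the compatibility question in this thread, as an added example that is not part of the original message or the mod_perl source. The functions are hypothetical pure-Perl stand-ins for escape_html() before and after the patch, the input is constructed, and the entity `&apos;` is taken from the message above (the patch itself is not shown on this page).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-ins for escape_html() before and after the patch.
# Each call is a single pass, so an entity it emits is not re-escaped
# within that same call.
my %OLD = ('<' => '&lt;', '>' => '&gt;', '&' => '&amp;', '"' => '&quot;');
my %NEW = (%OLD, "'" => '&apos;');    # entity name as written in the thread

sub escape_html_old { my $s = shift; $s =~ s/([<>&"])/$OLD{$1}/g;  return $s }
sub escape_html_new { my $s = shift; $s =~ s/([<>&"'])/$NEW{$1}/g; return $s }

# Caller-side workaround of the kind the thread worries about (hypothetical).
sub escape_apos { my $s = shift; $s =~ s/'/&apos;/g; return $s }

my $input = q{<a title='Tom & "Jerry"'>};    # constructed sample

# Order 1: library call first, then the caller escapes the quote itself.
my $post_old = escape_apos(escape_html_old($input));
my $post_new = escape_apos(escape_html_new($input));

# Order 2: the caller escapes the quote first, then the library call.
my $pre_old = escape_html_old(escape_apos($input));
my $pre_new = escape_html_new(escape_apos($input));

# Applying the patched function to its own output.
my $twice = escape_html_new(escape_html_new($input));

print "order 1, old: $post_old\n";
print "order 1, new: $post_new\n";
print "order 2, old: $pre_old\n";
print "order 2, new: $pre_new\n";
print "new twice:    $twice\n";

# Order 1: after the patch no "'" is left for the caller to escape,
# so the output is byte-for-byte the same as before the patch.
die "order 1 changed" unless $post_old eq $post_new;

# Order 2: the '&' of the caller's entity is re-encoded to '&amp;apos;',
# but identically with the old and the new function.
die "order 2 changed" unless $pre_old eq $pre_new;
die "expected &amp;apos;" unless $pre_old =~ /&amp;apos;/;

# The function is not idempotent: a second call re-encodes the '&'
# of every entity written by the first call.
die "expected re-encoding" unless $twice =~ /&amp;apos;/ && $twice =~ /&amp;lt;/;
```

Neither order produces different output after the patch; the re-encoding seen in order 2 comes from escaping `&` a second time, which the unpatched function does as well.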