perl-dev mailing list archives

From Randy Kobes <ra...@theoryx5.uwinnipeg.ca>
Subject Re: [Patch 1.3] Apache::Util::escape_html()
Date Thu, 14 Nov 2002 14:56:14 GMT
On Thu, 14 Nov 2002, Per Einar Ellefsen wrote:

> Hi Stas,
> 
> At 03:11 14.11.2002, Stas Bekman wrote:
> >
> >Don't we have a problem with backwards compatibility here? If people were 
> >adding extra code to escape ' without checking that it's already escaped, 
> >now if we do it in escape_html(), there is a problem as it'd be escaped 
> >twice. Thus this change will break other people's code.
> 
> If it's already escaped, it can't be escaped one more time, because when 
> escaped it's become &apos;, so there's no single quote there to escape 
> again. So no backward compatibility problem.

I'm not sure if this would be a big issue, but in principle
someone could have some logic that relies on the current
behaviour of escape_html() not escaping ' (e.g., do something if,
after escaping, a ' is present), which could then get broken by
this new behaviour. One could get around this by escaping ' only
if some flag is explicitly passed in, but perhaps this is too
involved ....

-- 
best regards,
randy


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org
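
The two compatibility concerns raised in this thread, and the opt-in flag suggested as a way around them, shown as an added example that is not code from the patch or from mod_perl. `escape_html_compat`, its second argument, the two `legacy_*` callers and the sample input are hypothetical names and values constructed for illustration; `&apos;` is the entity named in the quoted reply.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my %ENTITY = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
              '"' => '&quot;', "'" => '&apos;');

# Hypothetical stand-in, not Apache::Util::escape_html() itself.
# ' is escaped only when a true second argument is passed, so the
# default output stays what existing callers already depend on.
sub escape_html_compat {
    my ($text, $escape_apos) = @_;
    return $text unless defined $text;
    my $chars = $escape_apos ? q{&<>"'} : q{&<>"};
    $text =~ s/([$chars])/$ENTITY{$1}/g;
    return $text;
}

# Caller pattern from the first concern: escape ' again after the call.
sub legacy_post_escape {
    my ($html) = @_;
    $html =~ s/'/&apos;/g;
    return $html;
}

# Caller pattern from the second concern: branch on a ' surviving.
sub legacy_sees_quote {
    my ($html) = @_;
    return index($html, "'") >= 0 ? 1 : 0;
}

my $input = q{O'Reilly & <b>Sons</b>};   # constructed sample input

for my $flag (0, 1) {
    my $escaped = escape_html_compat($input, $flag);
    printf "escape_apos=%d  escaped:      %s\n", $flag, $escaped;
    printf "               post-escaped: %s\n", legacy_post_escape($escaped);
    printf "               sees quote:   %d\n", legacy_sees_quote($escaped);
}
```

The post-escaped line is the same for both flag values, while the quote check flips from 1 to 0 once `'` is escaped inside the function.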
