Mailing-List: contact dev-help@perl.apache.org; run by ezmlm
Precedence: bulk
Message-ID: <3DD30661.7000808@stason.org>
Date: Thu, 14 Nov 2002 10:11:45 +0800
From: Stas Bekman <stas@stason.org>
Organization: Hope, Humanized
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826
MIME-Version: 1.0
To: Geoffrey Young <geoff@modperlcookbook.org>
Cc: dev@perl.apache.org
Subject: Re: [Patch 1.3] Apache::Util::escape_html()
References: <3DD285B8.7040108@modperlcookbook.org>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Geoffrey Young wrote:
> hi all...
> 
>    below is a patch, created (mostly) by darren, for functionality 
> requested by a user.
> 
>    basically, Martin has asked for single quotes to be automatically 
> escaped by
> escape_html(), alongside the other 4 escapes (<, >, &, ").  

Don't we have a problem with backwards compatibility here? If people 
were adding extra code to escape ' without checking that it's already 
escaped, now if we do it in escape_html(), there is a problem as it'd be 
escaped twice. Thus this change will break other people's code.

Perhaps, escape_html() could optionally accept a range of chars to 
escape similar to HTML::Entities::encode_entities, and then the problem 
is solved without breaking anything.

__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org