[Petal] (Fwd) Re: [mp-1 ?] Apache::Util::escape_html could handle sing

William McKee william@knowmad.com
Mon, 11 Nov 2002 17:38:52 -0500 

I guess it's a good sign that Petal has become stable since the list has been rather quiet lately...

I came across the following post in the mod_perl mailing list which references the single quote escape problem we've been 
addressing. I do not understand the implications of this email in relation to Petal and HTML::TreeBuilder but thought it may 
be useful for those more in the know.

Regards,
William

------- Forwarded message follows -------
Date sent:      	Mon, 11 Nov 2002 14:15:38 -0500
From:           	Geoffrey Young <geoff@modperlcookbook.org>
To:             	darren chamberlain <dlc@users.sourceforge.net>
Copies to:      	modperl@perl.apache.org, Marcin.Kasperski@acn.waw.pl
Subject:        	Re: [mp-1 ?] Apache::Util::escape_html could handle single quotation

[ Double-click this line for list subscription options ] 


> 
> 
> Two patches, one for t/net/util.pl and one for src/modules/perl/Util.xs.
> Apply them from the root of the untarred source.

cool, thanks.

you know, the test compares the results of Apache::Util::escape_html() to
HTML::Entities::encode, both of which do not translate ' into &apos by
default.

some of us on modperl-dev had a discussion with Doug recently about 
expanding Apache::Util::escape_html() to do things like HTML::Entities
(such as high-bit characters) and it was decided it was a bad idea.

see:

http://marc.theaimsgroup.com/?l=apache-modperl-cvs&m=101708056429561&w=2

and doug's reply:

http://marc.theaimsgroup.com/?l=apache-modperl-dev&m=101708105030300&w=2

namely "i had a bad feeling about this.  we should not be implementing
escape_html to begin with, the functionality should all be in apache."

so...  I could work this up and submit it, but I doubt that it would 
make it in to core, especially since it goes above and beyond 
HTML::Entities (the standard AFAICT).

if you really need single quotes escaped, you could always change 
calls to Apache::Util::escape_html() to 
HTML::Entities::encode_entities() and pass it your special escapes:

use HTML::Entities qw(encode_entities);

my $bad = qq!some unescaped 'quotes'!;
my $good = encode_entities($bad, qq!'!);

print "$good\n";

HTH

--Geoff




------- End of forwarded message -------