#1 Use HTML::Entities::encode instead of CGI::escapeHTML

Status: closed-accepted
Owner: nobody
Labels: None
Priority: 5
Updated: 2003-05-25
Created: 2003-05-01
Creator: Wesley Smith
Private: No

In my setup, I've had problems with the CGI::escapeHTML
function not working correctly. I have observed text
showing up in the topic screen unescaped, which causes
it to not render properly.

By looking at the code to CGI::escapeHTML, I've found
that it checks an internal variable, $self->{'escape'}
to decide whether it should actually escape anything or
not. Apparently, in my case that variable is set to
false. I don't know why I'm seeing this problem and
others aren't. Maybe because I'm running with mod_perl?

Anyway, a good solution seems to be to use
HTML::Entities::encode instead. It always works, and
escapes more characters anyway.

Attached is a first pass at this change, which works
for me.

Discussion

  • Wesley Smith
    2003-05-01

    A patch to use HTML::Entities::encode

  • David Sitsky
    2003-05-17

    Thanks, this looks good. I've also had some strange
    experiences with CGI::escapeHTML. I'll make sure this gets
    into the next release.

     
  • David Sitsky
    2003-05-25

    • status: open --> open-accepted
     
  • David Sitsky
    2003-05-25

    This is now in CVS. One slight change to your patch was
    that there was no need to change EditTopic.pm, since it calls
    response->escapeHTML() anyway, which you have changed.

     
  • David Sitsky
    2003-05-25

    • status: open-accepted --> closed-accepted
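
The approach this ticket settles on, shown as an added example (it is not the attached patch or the project's own code): escaping goes through one stateless routine on the response object, backed by `encode_entities`, the documented function in HTML::Entities. The `StatefulEscaper` and `Response` classes and the sample string are hypothetical, constructed here to model the reported behaviour of an escaper that checks a per-object `escape` flag.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities ();

# Hypothetical stand-in for the behaviour described in the ticket: the
# escaper consults per-object state and returns its input untouched when
# that state is false.
package StatefulEscaper;
sub new { my ($class, %args) = @_; return bless { escape => $args{escape} }, $class }
sub escapeHTML {
    my ($self, $text) = @_;
    return $text unless $self->{escape};    # silently skips escaping
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    return $text;
}

# Hypothetical response wrapper: one stateless escaping routine that every
# page module calls, so no caller depends on flags held by another object.
package Response;
sub new { return bless {}, shift }
sub escapeHTML {
    my ($self, $text) = @_;
    return undef unless defined $text;
    # Default unsafe set: control chars, high-bit chars, and < & > " '
    return HTML::Entities::encode_entities($text);
}

package main;

# Constructed sample: a code fragment of the kind shown on a topic screen.
my $comment = q{if (a < b && c > d) print "<b>done</b>";};

my $broken = StatefulEscaper->new(escape => 0);   # flag false, as reported in the ticket
my $fixed  = Response->new;

printf "stateful : %s\n", $broken->escapeHTML($comment);
printf "stateless: %s\n", $fixed->escapeHTML($comment);

# The stateless result must contain no raw markup characters at all.
die "unescaped markup in output\n" if $fixed->escapeHTML($comment) =~ /[<>"]/;
```

With every caller routed through the wrapper, a module that already calls the response object's `escapeHTML()` needs no change of its own, which is the point made in the final comment above.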