Hi,
I understand that HTML allows the values of attributes to be contained in either single or double quotes, e.g. `<a href='...'>` is valid.
Why is it that HTML::Template, and CGI, only escape double quotes and not single? This leads to <input type=text name=x value='O'Reilly'>.
Ralph.
I was just browsing that very bit of code.
# straight from the CGI.pm bible.
$toencode=~s/&/&amp;/g;
$toencode=~s/\"/&quot;/g; #"
$toencode=~s/>/&gt;/g;
$toencode=~s/</&lt;/g;
$toencode=~s/'/&#39;/g; #'
So it looks like it should escape it and it explains why HTML::Template and CGI work the same.
Are you a Microsoft user by any chance? If so, turn "smart quotes" off.
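An added example, not part of the original thread and not code from HTML::Template or CGI.pm: it puts the value from the question into a single-quoted attribute, once with an escaper that skips the single quote and once with one that encodes it, and checks whether the value read back from the tag matches the input. The helper names, the sample inputs and the simplified read-back routine are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper: encodes & " > < only, the behaviour the question describes.
sub escape_double_only {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;    # ampersand first, or the later entities get double-encoded
    $s =~ s/"/&quot;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/</&lt;/g;
    return $s;
}

# Hypothetical helper: the same set plus the single quote.
sub escape_both_quotes {
    my $s = escape_double_only(shift);
    $s =~ s/'/&#39;/g;
    return $s;
}

# Read back value='...' roughly as an HTML parser would: stop at the first
# literal ', then decode the entities (ampersand last).
sub parsed_value {
    my ($tag) = @_;
    my ($v) = $tag =~ /value='([^']*)'/;
    $v =~ s/&quot;/"/g;
    $v =~ s/&#39;/'/g;
    $v =~ s/&gt;/>/g;
    $v =~ s/&lt;/</g;
    $v =~ s/&amp;/&/g;
    return $v;
}

# Constructed sample inputs.
my @samples  = ("O'Reilly", 'Tom & "Jerry"');
my %escapers = (double_only => \&escape_double_only, both_quotes => \&escape_both_quotes);

for my $input (@samples) {
    for my $name (sort keys %escapers) {
        my $tag = "<input type='text' name='x' value='" . $escapers{$name}->($input) . "'>";
        my $got = parsed_value($tag);
        printf "%-12s %-4s %s\n", $name, ($got eq $input ? 'ok' : 'BAD'), $tag;
    }
}
```

Only the `double_only` row for `O'Reilly` is marked BAD: the value is read back as `O`, and the rest of the input lands outside the attribute.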