Escaping Single Quotes.

2000-12-01
2000-12-21
  • Ralph Corderoy

    Ralph Corderoy - 2000-12-01

    Hi,

    I understand that HTML allows the values of attributes to be contained in either single or double quotes, e.g. `<a href='...'>' is valid.

    Why is it that HTML::Template, and CGI, only escape double quotes and not single?  This leads to <input type=text name=x value='O'Reilly'>.

    Ralph.

     
    • Lee Weston

      Lee Weston - 2000-12-21

      I was just browsing that very bit of code.

      # straight from the CGI.pm bible.
              $toencode=~s/&/&amp;/g;
              $toencode=~s/\&quot;/&quot;/g; #"
              $toencode=~s/>/&gt;/g;
              $toencode=~s/</&lt;/g;
              $toencode=~s/'/&#39;/g; #'

      So it looks like it should escape it and lt explains why HTML::Template and CGI work the same.

      Are you a Microsoft user by any chance?  If so, turn "smart quotes" off.

       

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks