document caveats for quoting functions; fix documentation indenting/wrapping.

[perl/plp/.git] / PLP / Functions.pm

diff --git a/PLP/Functions.pm b/PLP/Functions.pm
index 3a0f0023c103c178b4777b1cbb3311b103403a0f..ef5b311070ec6c35744169a9cd9cf79160144f91 100644 (file)
--- a/PLP/Functions.pm
+++ b/PLP/Functions.pm
@@ -253,17 +253,26 @@ In void context, B<changes> the values of the given variables. In other contexts
 
     <: print Entity($user_input); :>
 
+Be warned that this function also HTMLizes consecutive whitespace and newlines (using &nbsp; and <br> respectively).
+For simple escaping, use L<XML::Quote>. To escape high-bit characters as well, use L<HTML::Entities>.
+
 =item EncodeURI LIST
 
-Replaces characters by their %-encoded values.
+Encodes URI strings according to RFC 3986. All disallowed characters are replaced by their %-encoded values.
 
 In void context, B<changes> the values of the given variables. In other contexts, returns the changed versions.
 
     <a href="/foo.plp?name=<:= EncodeURI($name) :>">Link</a>
 
+Note that the following reserved characters are I<not> percent-encoded, even though they may have a special meaning in URIs:
+
+       / ? : @ $
+
+This should be safe for escaping query values (as in the example above), but it may be a better idea to use L<URI::Escape> instead.
+
 =item DecodeURI LIST
 
-Decodes %-encoded strings.
+Decodes %-encoded strings. Unlike L<URI::Escape>, it also translates + characters to spaces (as browsers use those).
 
 In void context, B<changes> the values of the given variables. In other contexts, returns the changed versions.