git.shiar.nl / perl / plp / .git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3dd6049) | patch
EscapeHTML function
authorMischa POSLAWSKY <perl@shiar.org>
Mon, 11 Feb 2008 02:44:29 +0000 (02:44 +0000)
committerMischa POSLAWSKY <perl@shiar.org>
Mon, 19 Oct 2009 02:07:02 +0000 (02:07 +0000)
commit958d374e19b67a3c68050a1dd29f7a10a44c74c9
treeeeedded61bc72c41628edf769b4a5d556170639dtree | snapshot
parent3dd60490b2f12aeabc457292b87fe43772ce0304commit | diff
EscapeHTML function

Another function to encode html/xml, this time (imho) the "right" way by
only quoting reserved characters.  The provided Entity() function would
often be unusable because of its overcomplete whitespace formatting.
This is a feature which I (have to) set up manually in many cases, which
seems very unfriendly for a module optimised for outputting HTML.

According to personal preferences, it only substitutes a minimal set of
entities:
- &amp; and &lt; (both required to prevent html interpretation)
- &gt; (for xml or otherwise to ease document parsing)
- &quot; (to make it usable in attribute values).

Single quotes (&#39; or &apos;) are left unquoted, assuming attributes are
always in double quotes (no reason to do otherwise).
Unlike Entity, it only handles a single argument, to allow for possible
options in the future (hopefully supporting a custom range of unsafe chars).
It also dies on failure (like trying to change read-only input), because
that is a user mistake which should not go unnoticed.

The name was devised to be more consistent with other environments (also
anticipating new URI encoding and decoding):

* php                   htmlspecialchars  html_entity_decode urlrawencode       urldecode
* javascript                                                 encodeURIComponent decodeURIComponent
* ruby CGI              escapeHTML        unescapeHTML       escape             unescape
- CGI::Simple::Util     escapeHTML        unescapeHTML       escape             unescape
- CGI::Util             (simple_escape)                      escape             unescape
- HTML::Mason::Escapes  basic_html_escape                    url_escape
- HTML::Tiny            entity_encode                        url_encode         url_decode
* URI::Escape                                                uri_escape_utf8    uri_unescape
* XML::Quote            xml_quote         xml_dequote
- PLP (legacy)          Entity                               EncodeURI          DecodeURI
- PLP (redesign)        EscapeHTML        UnescapeHTML       EscapeURI          UnescapeURI

HTML:
- Escape etc used nearly everywhere (so the obvious choice).
- Decode is only used by php, but uglily and inconsistently.
- Quote seems most appropriate linguistically, but only used in one minority
  module.

URIs:
- Encode etc common in php and javascript.
- Escape etc used by ruby and several perl modules (including URI::Escape),
  and is still familiar to javascript users
- URI used in all significant environemnts; URL only in minor modules.
MANIFEST diff | blob | history
lib/PLP/Functions.pm diff | blob | history
plp.vim diff | blob | history
t/10-functions.t diff | blob | history
t/15-escape.t [new file with mode: 0644] blob
PLP - Perl in HTML pages