perl-asp mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Chamas <jos...@chamas.com>
Subject Re: $Server->HTMLEncode, single quotes, and .pm files
Date Mon, 03 Jun 2002 23:08:44 GMT
Sven Köhler wrote:
> 
> > Perhaps this should be added to the $Server->HTMLEncode() regexp in
> > ASP.pm?
> >
> >       s/\'/&#039;/sg;
> 
> i would go even further with:
> s/[^\w\s\n\r]/escpape($1)/ge
> or somethin like this.

While I think this kind of escaping is relevant to URLEncode(), I do 
not think the white space needs character entity escaping via HTMLEncode().

I believe for example that if someone has something like this:

<input value="<%= $Server->HTMLEncode('some data

some more data') %>">

that this will work just fine because \n data is OK between 
HTML attribute quotes.

--Josh

_________________________________________________________________
Joshua Chamas                           Chamas Enterprises Inc.
NodeWorks Founder                       Huntington Beach, CA  USA 
http://www.nodeworks.com                1-714-625-4051

---------------------------------------------------------------------
To unsubscribe, e-mail: asp-unsubscribe@perl.apache.org
For additional commands, e-mail: asp-help@perl.apache.org


Mime
View raw message