| commit | f91c219ca8bf2da57469518fb7234620e962f400 | |
| author | Jakub Narebski <jnareb@gmail.com> | |
| Wed, 7 Mar 2007 01:18:53 +0000 (7 02:18 +0100) | ||
| committer | Jakub Narebski <jnareb@gmail.com> | |
| Wed, 7 Mar 2007 01:18:53 +0000 (7 02:18 +0100) | ||
| tree | 3a1c45db19c00a0d3ff679339b8d4bf5fa6ce149 | treesnapshot (tar.gz zip) |
| parent | ee271a41bcecb2506c73517a0ebe2624f6d89671 | commitdiff |
gitweb: Don't escape attributes in CGI.pm HTML methods
There is no need to escape HTML tag's attributes in CGI.pm
HTML methods (like CGI::a()), because CGI.pm does attribute
escaping automatically.
Explanation:
$cgi->a({ ... -attribute => atribute_value }, tag_contents)
is translated to
<a ... attribute="attribute_value">tag_contents</a>
The rules for escaping attribute values (which are string contents) are
different. For example you have to take care about escaping embedded '"'
and "'" characters; CGI::a() does that for us automatically.
CGI::a() cannot HTML escape tag contents automatically; we might want to
write
<a href="URL">some <b>bold</b> text</a>
for example. So we have to esc_html (or esc_path) if needed.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
There is no need to escape HTML tag's attributes in CGI.pm
HTML methods (like CGI::a()), because CGI.pm does attribute
escaping automatically.
Explanation:
$cgi->a({ ... -attribute => atribute_value }, tag_contents)
is translated to
<a ... attribute="attribute_value">tag_contents</a>
The rules for escaping attribute values (which are string contents) are
different. For example you have to take care about escaping embedded '"'
and "'" characters; CGI::a() does that for us automatically.
CGI::a() cannot HTML escape tag contents automatically; we might want to
write
<a href="URL">some <b>bold</b> text</a>
for example. So we have to esc_html (or esc_path) if needed.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
| gitweb/gitweb.perl | diffblobblamehistory |