We have a couple of times not been sufficiently carefull in our coding, and
had surprising results when fields contain special characters, that have
been
output to thw browser without prorper HTML-Encoding.
This often (for us at least) happens when making a selectlist og checkbox,
where the value is something fetch eg. from a database.
If the database field contains the " character, then this fouls up the HTML
-
causing all sorts of fun and debugging.
The solution is obvious: enclose all this kind of data in
$Server->HTMLEncode($data).
The resulting ASP code will then look soemwhat like this:
<INPUT type="text" name="arbst_navn" value="<%=
$Server->HTMLEncode($arbst->{arbst_navn}) %>" tabindex="1">
which is even more unreadable than before.
Therefore I would like to have a new tag [eg '<%-' but I am open (very open)
for better suggestions] that automatically HTMLEncodes the text inside the
tag.
This is a bit shorter then '$Server->HTMLEncode', and I think that I will be
able to teach that to my coworkers -and get them to use -with minimal
amount of fuss and physical violence
It couldbe done with a XMLsub, but isn't that a bit overkill. Of course
adding a
new tag could also be construed as overkill :)
Is this just too far out?
--
Henrik Tougaard, Copenhagen, Denmark
"The first rule of Perl Club is, we don't talk about Perl Club"
- Dave Cross at YAPC::Europe 2.0.01
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
