hi all... below is a patch, created (mostly) by darren, for functionality requested by a user.
basically, Martin has asked for single quotes to be automatically escaped by escape_html(), alongside the other 4 escapes (<, >, &, "). see http://marc.theaimsgroup.com/?t=103679074800006&r=1&w=2 for the complete discussion.

I know we've been down the road to escape_html() expansion before (http://marc.theaimsgroup.com/?l=apache-modperl-cvs&m=101708056429561&w=2) but I think this might have some merit.

now, I'm not an RFC guru, but the HTML 4.01 spec (http://www.w3.org/TR/html4/html40.txt) says this:

"By default, SGML requires that all attribute values be delimited using either double quotation marks (ASCII decimal 34) or single quotation marks (ASCII decimal 39). Single quote marks can be included within the attribute value when the value is delimited by double quote marks, and vice versa. Authors may also use numeric character references to represent double quotes (&#34;) and single quotes (&#39;). For double quotes authors can also use the character entity reference &quot;."

single quotes still are not listed with the four others in 5.3.2, but the wording there makes me think that these four are just (common) examples.

so, I dunno whether this is a good idea or not, but I guess I figured somebody should put it out there for consideration.

--Geoff

Index: Changes =================================================================== RCS file: /home/cvs/modperl/Changes,v retrieving revision 1.656 diff -u -r1.656 Changes --- Changes 13 Aug 2002 03:18:48 -0000 1.656 +++ Changes 13 Nov 2002 16:54:14 -0000 
@@ -10,6 +10,10 @@ =item 1.27_01-dev +extend Apache::Util::escape_html() to escape single quotes +[darren chamberlain <[EMAIL PROTECTED]>, + Marcin Kasperski <[EMAIL PROTECTED]>] + document the server_root_relative() method [Stas Bekman <[EMAIL PROTECTED]>] eliminate warnings when flushing functions with empty () prototypes in Index: src/modules/perl/Util.xs =================================================================== RCS file: /home/cvs/modperl/src/modules/perl/Util.xs,v retrieving revision 1.11 diff -u -r1.11 Util.xs --- src/modules/perl/Util.xs 25 Mar 2002 18:45:23 -0000 1.11 +++ src/modules/perl/Util.xs 13 Nov 2002 16:54:14 -0000 @@ -45,6 +45,8 @@ j += 4; else if (s[i] == '"') j += 5; + else if (s[i] == '\'') + j += 5; if (j == 0) return newSVpv(s,i); @@ -66,6 +68,10 @@ else if (s[i] == '"') { memcpy(&SvPVX(x)[j], """, 6); j += 5; + } + else if (s[i] == '\'') { + memcpy(&SvPVX(x)[j], "'", 5); + j += 4; } else SvPVX(x)[j] = s[i]; Index: t/net/perl/util.pl =================================================================== RCS file: /home/cvs/modperl/t/net/perl/util.pl,v retrieving revision 1.15 diff -u -r1.15 util.pl --- t/net/perl/util.pl 19 Jun 2002 16:31:52 -0000 1.15 +++ t/net/perl/util.pl 13 Nov 2002 16:54:15 -0000 @@ -3,7 +3,7 @@ use Apache::test; $|++; my $i = 0; -my $tests = 7; +my $tests = 8; my $r = shift; $r->send_http_header('text/plain'); @@ -74,6 +74,18 @@ #print $esc_2; test ++$i, $esc eq $esc_2; + +# add a test for single quotes +my $quotes = qq{let's <include> some "quotes" & stuff}; + +my $quoted1 = Apache::Util::escape_html($quotes); +#print $quoted1; + +my $quoted2 = HTML::Entities::encode($quotes, qq{><&"'}); +#print $quoted2; + +test ++$i, $quoted1 eq $quoted2; + use Benchmark; =pod
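
Review bot: The counting branch added for '\'' in the @@ -45,6 +45,8 @@ hunk of Util.xs uses j += 5, but the matching copy branch in the next hunk writes 5 bytes and advances with j += 4, so the first pass counts one character too many for every single quote in the input. The neighbouring double-quote branch shows the intended pattern (count 5, memcpy of 6, j += 5), so the single-quote count should be j += 4. The mismatch errs on the large side, but the two passes should agree exactly so that a later edit to either one cannot turn it into an under-count.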
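
Review bot: Missing documentation for a behaviour change: with the branch added in the @@ -66,6 +68,10 @@ hunk of Util.xs, escape_html() returns different output for any input containing a single quote, yet the patch only touches Changes, Util.xs and t/net/perl/util.pl. Suggest updating the escape_html() documentation to list the fifth escaped character, and noting in the Changes entry that existing callers will see the new output.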
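
Review bot: The test added in the @@ -74,6 +74,18 @@ hunk of util.pl only asserts $quoted1 eq $quoted2, so it passes only while HTML::Entities::encode() and escape_html() happen to emit the same reference for a single quote, and its input contains just one. Suggest also comparing $quoted1 against a literal expected string, and using an input with several single quotes (including one as the last character) and checking length($quoted1), so that a disagreement between the counting pass and the copy pass in Util.xs is caught.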