On Thu, 14 Nov 2002, Per Einar Ellefsen wrote:

> Hi Stas,
>
> At 03:11 14.11.2002, Stas Bekman wrote:
> >
> >Don't we have a problem with backwards compatibility here? If people were
> >adding extra code to escape ' without checking that it's already escaped,
> >now if we do it in escape_html(), there is a problem as it'd be escaped
> >twice. Thus this change will break other people's code.
>
> If it's already escaped, it can't be escaped one more time, because when
> escaped it's become ', so there's no single quote there to escape
> again. So no backward compatibility problem.

I'm not sure if this would be a big issue, but in principle someone could have some logic that relies on the current behaviour of escape_html() not escaping ' (eg, do something if, after escaping, a ' is present), which could then get broken by this new behaviour. One could get around this by escaping ' only if some flag is explicitly passed in, but perhaps this is too involved ....

--
best regards,
randy
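
The opt-in flag suggested above, sketched as an added example that is not part of the original thread and not the project's own escape_html(): callers that pass no flag keep the old output, so a check for a literal ' after escaping still behaves as before. The choice of Perl, the names `escape_html_compat` and `has_literal_squote`, the flag argument, the `&#39;` entity and the sample input are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in, not the project's escape_html(): escapes & < > "
# always, and ' only when the caller passes a true second argument.
my %ENTITY = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');

sub escape_html_compat {
    my ($text, $escape_squote) = @_;
    return unless defined $text;
    $text =~ s/([&<>"])/$ENTITY{$1}/g;
    # Runs after the & pass, so the & of the new entity is not re-escaped.
    $text =~ s/'/&#39;/g if $escape_squote;
    return $text;
}

# Hypothetical caller logic of the kind described in the message: it
# branches on whether a literal ' survives escaping.
sub has_literal_squote {
    my ($escaped) = @_;
    return index($escaped, "'") >= 0 ? 1 : 0;
}

# Constructed sample input.
my $input = q{<a href='x'>Tom & "Jerry"</a>};

my $old = escape_html_compat($input);       # default: ' left untouched
my $new = escape_html_compat($input, 1);    # opt-in: ' escaped as well

printf "default: %s\n", $old;
printf "opt-in : %s\n", $new;
printf "caller check on default output: %d\n", has_literal_squote($old);
printf "caller check on opt-in output : %d\n", has_literal_squote($new);
```

The last two lines show the compatibility concern directly: the caller's check changes its answer only for code that explicitly asks for the new behaviour.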
