Has anyone created a filter for quoting HTML attribute values? I
currently escape these values using the following Perl function before
processing the templates, but I would like to move this into the template.
sub value_quote {
my ($var) = (@_);
$var =~ s/\&/\&/g;
$var =~ s/</\</g;
$var =~ s/>/\>/g;
$var =~ s/"/\"/g;
$var =~ s/\r\n/\
/g;
$var =~ s/\n\r/\
/g;
$var =~ s/\r/\
/g;
$var =~ s/\n/\
/g;
return $var;
}
I'm not 100% sure the second and third substitutions (< and >) are
necessary, but the first and fourth (& and =) certainly are. The last
four substitutions are specific to my application and may not even be
necessary any more (they preserve line breaks which would otherwise be
removed or turned into spaces according to the SGMLand HTML
specifications' rules for attribute value parsing).
I know I can probably read the instructions and build my own filter for
it, but I wanted to check and see if anyone has done so yet. Also, this
seems like a good candidate for inclusion in the standard distribution.
In my application (Bugzilla) it occurs even more frequently than
escaping of an HTML string (value_quote appears 102 times in the code,
while html_quote appears only 60 times).
-myk
