[Catalyst] html escaping question

Carl Franks fireartist at gmail.com
Wed Mar 21 11:42:08 GMT 2007


On 21/03/07, Mario Minati <mario.minati at googlemail.com> wrote:
> On Wednesday 21 March 2007 10:38, Ash Berlin wrote:
> > Mario Minati wrote:
> > > What is the best/common practice to get text that might contain html
> > > escapable characters (e. g. '&', '<') from a form field to catalyst to db
> > > and back to form field?
> > >
> > > At the moment I'm thinking of not doing any html escaping at all and
> > > believe in unicode to handle the encoding correctly, but I would run into
> > > problems with '<funname>'.
> > >
> > > So if I escape a string and send it back to the form the content of the
> > > textfield is '&lt;funame&gt;'. Why is that?
> >
> > I'll assume you are using TT since you didn't say otherwise.
> >
> > [% '<funname>' | html %]
>
> You mean I have to filter every form field that way?
> Or do you mean normal text content?

Mario,

Am I right in thinking you're not using formfu in this particular case?
Because if you are, H::FF::Element::field::_render_value() already
runs all values through H::FF::Util::xml_escape() which escapes the 5
characters & " ' < >
In which case you may be double-escaping.

If your page is xhtml, and your page charset is utf-8, the 5
characters above are all that should need escaping; unicode characters
shouldn't need to be.

Carl
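To make the double-escaping point concrete, here is an added example (not code from the thread, from HTML::FormFu or from TT). The xml_escape() below is a stand-in that only reproduces the documented effect of H::FF::Util::xml_escape(), escaping the five characters & " ' < >; render_input() and browser_decode() are hypothetical helpers that model a form element being rendered and a browser decoding the value attribute before it shows the textfield. The sample value is constructed.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use utf8;
binmode STDOUT, ':encoding(UTF-8)';

# Stand-in for H::FF::Util::xml_escape(): escape exactly the five characters
# that matter in XHTML text and attribute values.  Not the real implementation,
# only its described effect.
sub xml_escape {
    my ($s) = @_;
    return '' unless defined $s;
    # '&' first, otherwise the '&' introduced by the other entities would be
    # escaped a second time.
    $s =~ s/&/&amp;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    return $s;
}

# Hypothetical: what the browser does with the value attribute before it
# shows the textfield, i.e. decode the entities exactly once.
sub browser_decode {
    my ($s) = @_;
    $s =~ s/&lt;/</g;
    $s =~ s/&gt;/>/g;
    $s =~ s/&quot;/"/g;
    $s =~ s/&#39;/'/g;
    $s =~ s/&amp;/&/g;    # last, mirroring the escape order above
    return $s;
}

# Hypothetical: a form element rendering its stored value into an attribute.
sub render_input {
    my ($value) = @_;
    return sprintf '<input type="text" name="title" value="%s" />',
        xml_escape($value);
}

# Constructed sample: the text as it sits in the DB, unescaped.  The unicode
# characters need no escaping on a utf-8 page; only the five specials do.
my $stored = q{<funname> & "quotes" & 'apostrophe' & Überstraße};

# 1. Correct: store raw, escape once at render time.
my $html = render_input($stored);
print "rendered once : $html\n";
my ($attr) = $html =~ /value="([^"]*)"/;
print "browser shows : ", browser_decode($attr), "\n";
# The browser shows the original text, so form -> db -> form is lossless.

# 2. Wrong: the value is escaped by the form renderer and then escaped again,
#    which is what happens when FormFu's already-escaped output is also run
#    through a template filter such as [% ... | html %].
my $double = xml_escape(xml_escape($stored));
print "escaped twice : ", browser_decode($double), "\n";
# The browser now shows '&lt;funname&gt; ...' literally, the symptom in the
# question: the textfield contains entities instead of the text.
```

The check to apply in practice is to look at the raw page source of the rendered form: a single escape shows `value="&lt;funname&gt;"`, a double escape shows `value="&amp;lt;funname&amp;gt;"`. If you see the latter, one of the two escaping layers (the form library or the template filter) has to go; the data in the DB should stay unescaped.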
