On 21/03/07, Mario Minati <[EMAIL PROTECTED]> wrote:
Am Mittwoch 21 März 2007 10:38 schrieb Ash Berlin:
> Mario Minati wrote:
> > What is the best/common practice to get text that might containt html
> > escapable characters (e. g. '&', '<') from a form field to catalyst to db
> > and back to form field?
> >
> > At the moment I'm thinking of not doing any html escaping at all and
> > believe in unicode to handle the encoding correctly, but I would ran into
> > problems with '<funname>'.
> >
> > So if I escape a string and send it back to the form the content of the
> > textfield is '<funame>'. Why is that?
>
> I'll asume you are using TT since you didn't say otherwise'
>
> [% '<funname>' | html %]
You mean I have to filter every form field that way?
Or do you mean normal text content?
Mario,
Am I right in thinking you're not using formfu in this particular case?
Because if you are, H::FF::Element::field::_render_value() already
runs all values through H::FF::Util::xml_escape() which escapes the 5
characters & " ' < >
In which case you may be double-escaping.
If your page is xhtml, and your page charset is utf-8, the 5
characters above are all that should need escaped, unicode characters
shouldn't need to be.
Carl
_______________________________________________
List: [email protected]
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
