I use Apache::Util::escape_html to perform fast HTML-escaping of the
data before displaying it. Unfortunately, this function handles
<, >, & and " but does not handle ' (single quote) - which 
can be escaped as &apos;

It would be nice if apos was handled. After all, in an HTML file it is
almost equivalent to the double quote (it is only a matter of style
whether one uses <a href="some url"> or <a href='some url'>).
Moreover, there are situations where one cannot change the quotation
model, like in (adapted real example I happened to have trouble with):

   <a href="javascript:somefun('[%some_var%]')">

(where some_var is a variable escaped with escape_html and unfortunately
 it can happen to contain an apostrophe)

It seems to me that it would suffice to slightly change the
function my_escape_html in src/modules/perl/Util.xs by
adding a new else-if in both if sequences.

PS I do not know how this looks in modperl-2, but in case there is
a similar problem, I would suggest a similar solution.



-- 
( Marcin Kasperski   | A reusable framework that is developed by itself will )
( http://www.mk.w.pl |        probably not be very reusable. (Martin)        )
(----------------------------------------------------------------------------)
( Safer with a card?   http://www.mk.w.pl/artykuly/karty_niebezpieczenstwa  )
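
An added example, not code from the post above or from mod_perl: a two-pass escaper in C that also covers the apostrophe, plus a JavaScript-string escaper for the javascript:somefun('...') case. A browser decodes HTML entities in an attribute value before the script runs, so that case needs JavaScript-string escaping first and HTML escaping second. The function names are hypothetical, and &#39; is used because &apos; is not defined in HTML 4.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not mod_perl's my_escape_html): entity for c, or NULL. */
static const char *entity_for(char c) {
    switch (c) {
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '&':  return "&amp;";
    case '"':  return "&quot;";
    case '\'': return "&#39;";  /* numeric form; &apos; is not defined in HTML 4 */
    default:   return NULL;
    }
}

/* HTML-escape in two passes: size the output, then fill it. Caller frees. */
char *escape_html_apos(const char *s) {
    size_t len = 1;             /* room for the terminating NUL */
    const char *p, *e;
    char *out, *w;
    for (p = s; *p; p++)
        len += (e = entity_for(*p)) ? strlen(e) : 1;
    if ((out = malloc(len)) == NULL) return NULL;
    for (p = s, w = out; *p; p++) {
        if ((e = entity_for(*p)) != NULL) { strcpy(w, e); w += strlen(e); }
        else *w++ = *p;
    }
    *w = '\0';
    return out;
}

/* Escape for a JS string literal: \xHH for quotes, backslash, <, >, &, % and controls. */
char *escape_js_string(const char *s) {
    char *out = malloc(strlen(s) * 4 + 1), *w = out;
    if (!out) return NULL;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (c < 0x20 || strchr("'\"\\<>&%", c)) w += sprintf(w, "\\x%02X", c);
        else *w++ = (char)c;
    }
    *w = '\0';
    return out;
}

int main(void) {  /* "O'Reilly" is a constructed sample value for some_var */
    char *js = escape_js_string("O'Reilly"), *attr = js ? escape_html_apos(js) : NULL;
    if (attr) printf("<a href=\"javascript:somefun('%s')\">\n", attr);
    free(js); free(attr); return 0;
}
```

For a plain attribute such as <a href='some url'>, escape_html_apos alone is enough.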
