> namely "i had a bad feeling about this. we should not be implementing > escape_html to begin with, the functionality should all be in apache." > (...)
The main point in this case: someone decided to escape " (double quote) in escape_html. For HTML, ' (single quote) is practically equivalent (and can be used at the same places for the same purpose). I see no reason to differentiate handling of single and double quote while generating HTML pages. The reason to use escape_html vs HTML::Entities is clear - the speed. And at least in my case one needs to escape just <, >, &, " and ' - the characters which can spoil the way browser interprets HTML. -- ( Marcin Kasperski | Software is not released, it is allowed to escape. ) ( http://www.mk.w.pl | ) (----------------------------------------------------------------------------) ( Moje prywatne strony: http://www.kasperski.prv.pl )