> some of us on modperl-dev had a discussion with Doug recently about > expanding Apache::Util::escape_html() to do things like HTML::Entities > (such as high-bit characters) and it was decided it was a bad idea. > see: > http://marc.theaimsgroup.com/?l=apache-modperl-cvs&m=101708056429561&w=2 > and doug's reply: > http://marc.theaimsgroup.com/?l=apache-modperl-dev&m=101708105030300&w=2
One additional remark: while suggesting escaping of single quote, I'd vote against escaping national characters in escape HTML. For instance, I generate iso-8859-2 encoded Polish pages and I want my national characters to be left as-is while the text is escaped... To end the whole argumentation: I suggest escaping ' as this character is unsafe in HTML. Simultaneously, I suggest keeping advanced entities out of this utility function.