> some of us on modperl-dev had a discussion with Doug recently about
> expanding Apache::Util::escape_html() to do things like HTML::Entities
> (such as high-bit characters) and it was decided it was a bad idea.
> see:
> http://marc.theaimsgroup.com/?l=apache-modperl-cvs&m=101708056429561&w=2
> and Doug's reply:
> http://marc.theaimsgroup.com/?l=apache-modperl-dev&m=101708105030300&w=2

One additional remark: while suggesting escaping of single quote, I'd
vote against escaping national characters in escape HTML. For
instance, I generate iso-8859-2 encoded Polish pages and I want my
national characters to be left as-is while the text is escaped...

To end the whole argumentation: I suggest escaping ' as this character
is unsafe in HTML. Simultaneously, I suggest keeping advanced entities
out of this utility function.
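
The position argued in this message, as an added example that is not part of the original mail or of mod_perl: two hypothetical Perl helpers, `escape_html_min` and `escape_html_no_apos`, compare escaping with and without the single quote while leaving iso-8859-2 bytes untouched. The sample string and the single-quoted `<input>` attribute are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper, not Apache::Util::escape_html: escapes only the five
# characters that carry markup meaning, single quote included.
my %ENTITY = (
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&#39;',
);

sub escape_html_min {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $text;
}

# Comparison helper (assumed for illustration): same, but leaves ' alone.
sub escape_html_no_apos {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/([&<>"])/$ENTITY{$1}/g;
    return $text;
}

# Constructed sample: iso-8859-2 bytes for "Żółć", then an apostrophe and markup.
my $polish = "\xAF\xF3\xB3\xE6";
my $input  = $polish . " d'Or <b>";

for my $case ( [ 'without apostrophe escaping', escape_html_no_apos($input) ],
               [ 'with apostrophe escaping',    escape_html_min($input) ] ) {
    my ($label, $value) = @$case;
    my $attr = "<input type='text' value='" . $value . "'>";

    # In a single-quoted attribute the value must run to the closing quote of
    # the tag; any ' left inside the value ends the attribute early.
    my $stray = () = $value =~ /'/g;
    printf "%-28s stray quotes: %d, national bytes intact: %s\n",
        $label, $stray, ( index($value, $polish) == 0 ? 'yes' : 'no' );
    print "  $attr\n";
}
```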
