Update: I'm a klutz.. don't forget to see asarih's reply below.
FWIW, you need to add s/&/&/g; to your substitutions for a minimal escaping solution.
Also, you must terminate your entities with a semicolon - it's < and not <. (Well, the latter is acceptable in some cases under SGML, but don't go there unless you like headaches.)
A few style suggestions on your code - try something like this:
s/</</ for @HTML;
s/>/>/ for @HTML;
s/&/&/ for @HTML;
print '<textarea>', join("", @HTML), '</textarea>';
Much easier on the eyes, no? Anyway, as I've already said:
use CGI qw(:standard);
print textarea('', escapeHTML(join '', @HTML));
Makeshifts last the longest. |