Cody Pendant has asked for the wisdom of the Perl Monks concerning the following question:

I'll admit in advance that this isn't completely a Perl Question, but I know you'll be able to help.

I've been working on scripts where you put text into a browser form, including HTML, and then you preview, just like one does here.

When a preview happens, the text in the box gets put on the browser page above, and the text remains editable in the form box below, just as happens here.

What happens if I want to put HTML brackets into the text in the box to demonstrate the use of an HTML tag?

I use &lt; and &gt; to get the brackets < and >, right?

When I preview, a regex changes those entities, so that they don't turn into HTML when saved.

If I only ever preview once, that's OK, but a second preview and they're double-coded.

Now I've got &amp;amp;amp;lt; , and if I preview again, I'll get &amp;amp;amp;amp;lt;

Is there a better regex? Or any other way to get around this? --

($_='jjjuuusssttt annootthhrer pppeeerrrlll haaaccckkeer')=~y/a-z//s;print;

Replies are listed 'Best First'.
Re: HTML Entities
by larryk (Friar) on Mar 07, 2002 at 09:26 UTC
    just lookahead to make sure the '&' is not followed by 'amp;' :
    s/&(?!amp;)/&amp;/g
    hth
       larryk                                          
    perl -le "s,,reverse killer,e,y,rifle,lycra,,print"
    
Re: HTML Entities
by Juerd (Abbot) on Mar 07, 2002 at 12:06 UTC
    If you want to use a regex, s/([<&>])/'&#' . ord($1) . ';'/ge is a nice one, but I'd rather s/&/&amp;/g, s/<...etc.
    Best way to add entities is using HTML::Entities.

    The solution to your problem can't be given, because no code is known to us. General rule: never _STORE_ escaped data (except for caching purposes, of course), escape it only when you need it escaped.

    ++ vs lbh qrpbqrq guvf hfvat n ge va Crey :)
    Nabgure bar vs lbh qvq fb jvgubhg ernqvat n znahny svefg.
    -- vs lbh hfrq OFQ pnrfne ;)
        - Whreq
    

      I agree that you should never store escaped data (well, except when you HAVE to and it's done transparently, like placeholders and DBI).

      My personal fav for stuff like this is the escapeHTML() method provided by the helping friendly CGI. You're probably using CGI in your application anyway, so you might as well use one more method.

      #!/usr/bin/perl -wT
      use strict;
      use CGI;

      my $q = CGI->new();
      print $q->header(),
            $q->start_html(-title => 'My little preview thingy');

      if ($q->param('submit')) {
          # print the preview because this has been submitted.
          print $q->h3('Source-'),
                $q->escapeHTML($q->param('preview_field')),
                $q->hr(),
                $q->h3('HTML-'),
                $q->param('preview_field'),
                $q->hr();
      }

      print $q->start_form(),
            $q->h4('Put your stuff here'),
            $q->textarea(-name => 'preview_field', -rows => 20, -columns => 60),
            $q->br(),
            $q->submit(-name => 'submit', -value => 'Hit me baby one more time'),
            $q->end_form();

      -Any sufficiently advanced technology is
      indistinguishable from doubletalk.
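
The rule given in the replies above (escape only at the point of output, never carry the escaped form forward) as an added example that is not code from any poster in this thread. It assumes HTML::Entities is installed; the sample text and all sub names are constructed for illustration, and browser_round_trip is a hypothetical stand-in for a browser decoding the textarea and resubmitting it.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities qw(encode_entities decode_entities);

# Constructed sample: what the user typed, including a literal "&lt;".
my $typed = 'Use <b> for bold & &lt;i&gt; for italics';

# Broken flow: the escaped string becomes "the text" and is escaped
# again on every preview, so each round adds another layer of &amp;.
sub preview_storing_escaped {
    my ($text, $rounds) = @_;
    $text = encode_entities($text, '<>&"') for 1 .. $rounds;
    return $text;
}

# Fixed flow: only the raw text is carried between rounds. It is
# escaped once per output point and the escaped copy is thrown away.
sub render_preview_page {
    my ($raw) = @_;
    my $safe = encode_entities($raw, '<>&"');
    return join "\n",
        "<h3>Source</h3><pre>$safe</pre>",
        qq{<form method="post"><textarea name="preview_field">$safe</textarea></form>};
}

# Stand-in for the browser: it decodes the textarea body for display
# and submits the decoded characters, i.e. the raw text again.
sub browser_round_trip {
    my ($page) = @_;
    my ($body) = $page =~ m{<textarea[^>]*>(.*?)</textarea>}s;
    my $decoded = decode_entities($body);
    return $decoded;
}

my $raw = $typed;
for my $round (1 .. 3) {
    $raw = browser_round_trip(render_preview_page($raw));
    printf "round %d, escape at output: %s\n",
        $round, scalar encode_entities($raw, '<>&"');
    printf "round %d, escaped stored  : %s\n",
        $round, preview_storing_escaped($typed, $round);
}

# The raw text must survive any number of previews unchanged.
die "raw text drifted between previews\n" unless $raw eq $typed;
print "raw text unchanged after 3 previews\n";
```

The "escape at output" line is identical in every round, while the "escaped stored" line grows an extra `amp;` each time, which is the double-coding described in the question.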