in reply to HTML Entities

If you want to use a regex, s/([<&>])/'&#' . ord($1) . ';'/ge is a nice one, but I'd rather s/&/&amp;/g, s/<...etc.
Best way to add entities is using HTML::Entities.

The solution to your problem can't be given, because no code is known to us. General rule: never _STORE_ escaped data (except for caching purposes, of course), escape it only when you need it escaped.

++ vs lbh qrpbqrq guvf hfvat n ge va Crey :)
Nabgure bar vs lbh qvq fb jvgubhg ernqvat n znahny svefg.
-- vs lbh hfrq OFQ pnrfne ;)
    - Whreq

Re: Re: HTML Entities
by Hero Zzyzzx (Curate) on Mar 08, 2002 at 02:10 UTC

    I agree that you should never store escaped data (well, except when you HAVE to and it's done transparently, like placeholders and DBI).

    My personal fav for stuff like this is the escapeHTML() method provided by the helping friendly CGI. You're probably using CGI in your application anyway, so you might as well use one more method.

    #!/usr/bin/perl -wT
    use strict;
    use CGI;

    my $q = CGI->new();

    # Read the field in scalar context; param() in list context can return several values.
    my $preview = $q->param('preview_field');

    print $q->header(),
        $q->start_html(-title => 'My little preview thingy');

    if ($q->param('submit')) {
        # Print the preview because this has been submitted.
        print $q->h3('Source-'),
            $q->escapeHTML($preview),    # escaped: shown as literal markup
            $q->hr(),
            $q->h3('HTML-'),
            $preview,                    # unescaped on purpose: rendered as HTML
            $q->hr();
    }

    print $q->start_form(),
        $q->h4('Put your stuff here'),
        $q->textarea(-name => 'preview_field', -rows => 20, -columns => 60),
        $q->br(),
        $q->submit(-name => 'submit', -value => 'Hit me baby one more time'),
        $q->end_form(),
        $q->end_html();

    -Any sufficiently advanced technology is
    indistinguishable from doubletalk.
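
An added example, not code from either poster, of the rule discussed in this thread: keep the raw value in storage and escape only at output. The sample string is constructed and the names escape_regex, %store_raw and %store_escaped are hypothetical; the block also shows that the regex quoted in the first post leaves double quotes unescaped.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities qw(encode_entities decode_entities);

# Constructed sample input, as it might arrive from a form field.
my $raw = q{Tom & "Jerry" <b>fan</b>};

# The regex from the first post: numeric entities for <, & and > only.
sub escape_regex {
    my ($text) = @_;
    $text =~ s/([<&>])/'&#' . ord($1) . ';'/ge;
    return $text;
}

# Pattern A (what the thread recommends): store raw, escape at output time.
my %store_raw = (comment => $raw);
my $html_a    = encode_entities($store_raw{comment});

# Pattern B (what the thread warns against): escape before storing. A later
# output layer cannot know that was done and escapes the value a second time.
my %store_escaped = (comment => encode_entities($raw));
my $html_b        = encode_entities($store_escaped{comment});

print "escape on output : $html_a\n";
print "stored escaped   : $html_b\n";    # contains &amp;amp; and &amp;lt;

# Escaped storage also skews non-HTML consumers (length limits, search, mail).
printf "raw length %d, stored-escaped length %d\n",
    length($raw), length($store_escaped{comment});

# The regex leaves double quotes alone, so its output is only suitable for
# element content, not for a quoted attribute value.
my $by_regex = escape_regex($raw);
print "regex            : $by_regex\n";
print "regex output still contains a raw double quote\n"
    if $by_regex =~ /"/;
print "encode_entities output contains no raw double quote\n"
    if $html_a !~ /"/;

# Output escaping is reversible, so nothing is lost by storing the raw value.
die "round trip failed\n" unless decode_entities($html_a) eq $raw;
```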