Escaping HTML tags (was: Content-Type: text/html;)

amearse has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks,

I have two CGI's. One that stores form input in a MySQL database. The other an Admin page to view the user input in nicely formated tables. One of the input fields is really large for posting spam with complete headers. The problem is that the spam is sometimes html-laden which makes it very ugly when it is viewed through the admin CGI.

Is there a way to view the spam in plain-text form via the CGI? Or do I have to strip out the html first?

Here is the code that displays the content.

sub full_report
{
my $row = shift;
        print "<HR>", strong("Full Report");
        print "<TABLE BORDER=1>";
                my $edit_url = sprintf ("%s?choice=edit;id=%d", url(),
+ $row->{id});
                my $delete_url = sprintf ("%s?choice=delete;id=%d", ur
+l(), $row->{id});
                my $full_report_url = sprintf ("%s?choice=full_report;
+id=%d", url(), $row->{id});

                print "<TR>",
                                        "<TD>$row->{id}</TD>",
                                        "<TD>$row->{date}</TD>",
                                        "<TD>$row->{summary}</TD>",
                                        "<TD>$row->{type}</TD>",
                                        "<TD>",
                                        "[", a({-href => $delete_url},
+ "Delete"), "]",
                                        "[", a({-href => $edit_url}, "
+Edit"), "]",
                                        "[", a({-href => $full_report_
+url}, "Full Report"), "]",
                                        "</TD>",
                                        "<TR><TD COLSPAN=6>$row->{mess
+age}</TD></TR>",
                     "</TR></TABLE>";
}
[download]

Edit kudra, 2002-06-06 Changed title, added p

Comment on Escaping HTML tags (was: Content-Type: text/html;) Download Code

Replies are listed 'Best First'.
Re: Content-Type: text/html; by Hero Zzyzzx (Curate) on Jun 04, 2002 at 02:22 UTC
If you're using CGI (of course you are. . .) you can use the escapeHTML method it provides, thusly- `"<TR><TD COLSPAN=6>$q->escapeHTML($row->{message})</TD></TR>",` [download] If it freaks out and prints a hashref instead of your html, you need to stuff the output of $q->escapeHTML($row->{message}) into a scalar and use that. Does anyone know why this happens with return values from CGI methods? -Any sufficiently advanced technology is indistinguishable from doubletalk.	[reply] [d/l]
Re: Content-Type: text/html; by DamnDirtyApe (Curate) on Jun 04, 2002 at 02:41 UTC
You can disable the HTML-rendering by using `s/</</g` on all code that you want to view in plain-text. Wrap it in `<PRE>` tags, and you should get the desired results. :-) _______________ D a m n D i r t y A p e Home Node \| Email	[reply]
Re: Content-Type: text/html; by Aristotle (Chancellor) on Jun 04, 2002 at 11:44 UTC
Do you mean you are already escaping the HTML, so that the tags are visible as plaintext, but that is not to your liking? If so, a simple `s/<[^>]>//sgi` on the unescaped(!) content will do what you're asking for - of course, for anything with tables, or when the content is positioned via CSS, the result will likely be quite unrecognizable. Makeshifts last the longest.*	[reply] [d/l]
Re: Content-Type: text/html; by Hero Zzyzzx (Curate) on Jun 04, 2002 at 15:22 UTC
Oh yeah. I forgot about `pre` tags. Here's the amended version: `$q->pre($q->escapeHTML($row->{message}))` [download] in case you couldn't figure that out yourself. .. ;-) -Any sufficiently advanced technology is indistinguishable from doubletalk.	[reply] [d/l] [select]
Re: Content-Type: text/html; by George_Sherston (Vicar) on Jun 04, 2002 at 16:42 UTC
Like other monks I'm not quite sure what you want to achieve, but for many of the things you might be after, HTML::TagParser would be useful § George Sherston	[reply]