Escaping special characters for HTML

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: Escaping special characters for HTML by davido (Cardinal) on Jan 04, 2006 at 07:13 UTC
It couldn't possibly work correctly; you've got all sorts of mismatched quotes. I organized it in a little more readable format, but without changing anything but the use of whitespace, so that it should be easier for you to see that you've completely forgotten to use quotes around text that should be quoted. You may also notice the fact that you've used ',' (comma) where you probably intended to use '.' (concatenation operator) in a few places. ...at least it looks that way to me. Of course you followed up those errors with some more missing quotes, so it's anybody's guess as to the real intent. Here's my reorganized version that hopefully will help you to spot the areas of concern: $newdiv = '<!-- ADD DIVS -->' . "\n" . div({-style=>"position:absolute;left:" . ($startx+$arealeft) . "px;top:" . ($starty+$areatop) . "px;width:" . $width . "px;height:" . $height . "px;cursor:pointer;" , -onclick=>"Start('$cgiurl?id=$custid');return true;" , -onmouseover=>"this.T_WIDTH=170;this.T_BGCOLOR='#ffffff';ret +urn escape(';"\<center\>\<script language=javascript\>\n"document.wri +te(mystats[" . $imagedetails[0]."]);"\n\</script\>\<br\>";\<img src=\'/cgi- +bin/snapad.cgi?x=" . ($startx+$arealeft) . "&y=".$starty . "&width=" . $width . "&height=" . $height . "&image=1\'\>\</center\>');window.status='$imagedetails[ +1]';shw('$imagedetails[0]-pop',event);return true;",-onmouseout=>"win +dow.status=' ';shw('$imagedetails[0]-pop',event);return true;"},'') . "\n"; [download] You'll need to labor on where it is that you intended to place quotes but forgot. At least this format will make it easier to spot. You might consider the advantage of HERE documents. Dave	[reply] [d/l]
Re: Escaping special characters for HTML by mrborisguy (Hermit) on Jan 04, 2006 at 06:40 UTC
Check out How (not) to ask a question). That might give you a little help in reformulating your question so we're willing to help. The next thing I'd try is to split up your line of code into understandable chunks, so you, and we, can get a little bit of understanding as to what is going on. -Bryan	[reply]
Re: Escaping special characters for HTML by serf (Chaplain) on Jan 04, 2006 at 16:14 UTC
Where you are needing to nest double quotes I would recommend using `. qq~key="value"~` [download] or similar notation where the double quotes are for Perl and not part of the data - and save the normal " double quotes for where they need to be used in the HTML/JavaScript/CSS. It will make it much easier to tell where the quotes need to be, and you will be able to have double quotes in your data without escaping them. You are also using more concatination operators than you need to (which doesn't make your code any faster!) e.g. where you have: `."px;width:".$width."px;height:".$height."px;cursor:pointer;"` [download] You could use: `. "px;width:${width}px;height:${height}px;cursor:pointer;"` [download] i.e. protecting the scalar names with {} where they have to be followed immediately by more plain text or underscores. This will improve readability because it will make the code look more like the output is going to look and make the Perl scalars stand out a bit within the code. NB: you don't need to do this when the scalar is followed by an ampersand or other non-variable name character (beware of [ or { which would be the start of an array index or hash though!) It could also simplify things if you did your maths before the assignment instead of embedding it into the concatination if you don't need it to change while it's in the concatination (especially as you're doing the same maths more than once): `$newdiv='<!-- ADD DIVS -->'."\n".div({-style=>"position:absolute;left: +".($startx+$arealeft)."px;top:".($starty+$areatop)."px;width:".$width +."px;height:".$height."px;cursor:pointer;",-onclick=>"Start('$cgiurl? +id=$custid');return true;",` [download] could become: `my $tmp_left = $startx + $arealeft; my $tmp_top = $starty + $areatop; $newdiv= "<!-- ADD DIVS -->\n" . div( { -style => "position:absolute;left:${tmp_left}px;top:${tmp_top} +px;width:${width}px;height:${height}px;cursor:pointer;", -onclick => "Start('$cgiurl?id=$custid');return true;", ...` [download] the only bit that looks particularly broken is the -onmouseover => '...' - it has two 'return's in it for starters... and I'm not sure what else wrong with it, but apart from that I get: `my $tmp_left = $startx + $arealeft; my $tmp_top = $starty + $areatop; my $newdiv= "<!-- ADD DIVS -->\n" . div( { -style => "position:absolute;left:${tmp_left}px;top:${tmp_ +top}px;width:${width}px;height:${height}px;cursor:pointer;", -onmouseover => ( fix this bit... ), -onclick => "Start('$cgiurl?id=$custid');return true;", -onmouseout => "window.status=' ';shw('$imagedetails[0]-po +p',event);return true;", }, '' ) ."\n";` [download]	[reply] [d/l] [select]