Re: Dump a directory as links from CGI

merlyn,

I've noticed that CGI::escape is similar to uri_escape and have been using it successfully to avoid using URI::Escape when CGI is already imported. My tests show that CGI::escape also encodes characters like ! and ? that uri_escape leaves alone.

Here's the relevant source code from CGI.pm escape()

$toencode=~s/([^a-zA-Z0-9_.-])/uc sprintf("%%%02x",ord($1))/eg;
[download]

and here's the code from URI::Escape uri_escape()

# Build a char->hex map
for (0..255) {
    $escapes{chr($_)} = sprintf("%%%02X", $_);
}
$text =~ s/([^;\/?:@&=+\$,A-Za-z0-9\-_.!~*'()])/$escapes{$1}/g;
[download]

My question: Is it safe to use CGI::escape instead of uri_escape?

--
Check out my Perlmonks Related Scripts like framechat, reputer, and xNN.

Comment on Re: Dump a directory as links from CGI Select or Download Code

Replies are listed 'Best First'.
Re: Re: Dump a directory as links from CGI by merlyn (Sage) on May 31, 2001 at 02:39 UTC
For small programs, probably no big deal. However, the table that URI::Escape builds up will make it more efficient in the long run. -- Randal L. Schwartz, Perl hacker	[reply]
Re: Re: Re: Dump a directory as links from CGI by epoptai (Curate) on May 31, 2001 at 06:51 UTC
Thanks for indicating the subtle difference. I've been struggling with this very issue recently and came across a url here at perlmonks that uri_escape doesn't handle, and requires CGI::escape. This small CGI program compares uri_escape and escape by producing two links to perlmonks: #!/usr/bin/perl use CGI qw(:all escape escapeHTML); use URI::Escape; $site = 'http://www.perlmonks.org/index.pl?node='; $user = 'Clive ;-)'; # my test case for whitespace and funny chrs print header,h1("compare"); print '<A HREF="', escapeHTML(uri_escape($site.$user)), '">', escapeHTML($user), '</A> - <tt>escapeHTML(uri_escape($site.$user))</tt><br>'; # does +n't work print '<A HREF="', escapeHTML($site.escape($user)), '">', escapeHTML($user), '</A> - <tt>escapeHTML($site.escape($user))</tt><p>'; # works [download] The 1st print using uri_escape on the whole url returns: http://www.perlmonks.org/index.pl?node=Clive%20;-) The 2nd print using CGI::escape on the param only, yields: http://www.perlmonks.org/index.pl?node=Clive%20%3B-%29 As you can see the semicolon is causing a problem in the uri_escape url. Is this a general condition or just a peculiarity of perlmonks? -- Check out my Perlmonks Related Scripts like framechat, reputer, and xNN.	[reply] [d/l]
Re: Re: Re: Re: Dump a directory as links from CGI by merlyn (Sage) on May 31, 2001 at 07:02 UTC
The escaping of form parameters has different rules and cannot be done with a simple pass. You need to escape it by constructing a URI using URI. So, your example is bogus from the get-go. In particular, what you want is: `$site = 'http://www.perlmonks.org/index.pl'; $user = 'Clive ;-)'; # my test case for whitespace and funny chrs use URI; my $uri = URI->new($site); $uri->query_form( node => $user ); print $uri->as_string;` [download] which prints `http://www.perlmonks.org/index.pl?node=Clive+%3B-)` [download] -- Randal L. Schwartz, Perl hacker	[reply] [d/l] [select]
Re: Dump a directory as links from CGI by cLive ;-) (Prior) on Jun 03, 2001 at 03:35 UTC