Re: Best way to use escapeHTML

When inserting text into HTML, pass it through escapeHTML first.

Since you're not producing any HTML in the snippet you posted, its use of escapeHTML is premature.

Comment on Re: Best way to use escapeHTML Select or Download Code

Replies are listed 'Best First'.
Re^2: Best way to use escapeHTML by Anonymous Monk on Aug 08, 2011 at 23:26 UTC
Even this way? `use strict; use CGI qw(:standard escapeHTML); my $q = new CGI; my $test = "What's the big''s deal?!!?? - <script>TEST</script>"; my $comments = $q->escapeHTML( $test ) \|\| ''; print header(); print "test: $comments";` [download]	[reply] [d/l]
Re^3: Best way to use escapeHTML by ikegami (Patriarch) on Aug 09, 2011 at 03:19 UTC
Yes, that's what it's for, although your naming really sucks, and you're using `\|\| ''` against the wrong thing. `my $comment = $cgi->param('comment') \|\| ''; # or whatever ... my $comment_html = $cgi->escapeHTML($comment); print header(); print "<p>Comments: $comment_html\n";` [download]	[reply] [d/l] [select]