Bug in URI ?!

Matt S Trout dbix-class at trout.me.uk
Wed Aug 16 17:18:28 BST 2006

Dominic Mitchell wrote:
> David Dorward wrote:
>> Paul Makepeace wrote:
>>> URI::_query::query_form() which makes query strings:
>>>  $self->query(@query ? join('&', @query) : undef);
>>> Now as anyone in web standards knows, that ought to be '&'.
>> Only if the URI is being written in HTML. Since, to judge from the
>> module name, it is just a URL there shouldn't be any markup language
>> specific encoding going on. Once you have the URI you should run it
>> though a suitable encoding method before using it in markup though.
> Once again, this highlights how poor our tools our...  If templating 
> systems did HTML escaping by default, this wouldn't be an issue (i.e. 
> having to remember to html encode all strings that could possibly 
> contain user input).  When will our frameworks grow up?

They already did, you just weren't looking.

package MyApp::View::HTML

use base qw/Catalyst::View::TT/;

   STASH => Template::Stash::EscapeHTML->new


      Matt S Trout       Offering custom development, consultancy and support
   Technical Director    contracts for Catalyst, DBIx::Class and BAST. Contact
Shadowcat Systems Ltd.  mst (at) shadowcatsystems.co.uk for more information

+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +

More information about the london.pm mailing list