Bug in URI ?!
Matt S Trout
dbix-class at trout.me.uk
Wed Aug 16 17:18:28 BST 2006
Dominic Mitchell wrote:
> David Dorward wrote:
>> Paul Makepeace wrote:
>>> URI::_query::query_form() which makes query strings:
>>>
>>> $self->query(@query ? join('&', @query) : undef);
>>>
>>> Now as anyone in web standards knows, that ought to be '&'.
>>
>> Only if the URI is being written in HTML. Since, to judge from the
>> module name, it is just a URL there shouldn't be any markup language
>> specific encoding going on. Once you have the URI you should run it
>> though a suitable encoding method before using it in markup though.
>
> Once again, this highlights how poor our tools are... If templating
> systems did HTML escaping by default, this wouldn't be an issue (i.e.
> having to remember to html encode all strings that could possibly
> contain user input). When will our frameworks grow up?
They already did, you just weren't looking.
package MyApp::View::HTML;
use base qw/Catalyst::View::TT/;
# Use an escaping stash so every variable interpolated into a template
# is HTML-escaped by default, instead of relying on per-variable filters.
__PACKAGE__->config(
    STASH => Template::Stash::EscapeHTML->new
);
1;
--
Matt S Trout Offering custom development, consultancy and support
Technical Director contracts for Catalyst, DBIx::Class and BAST. Contact
Shadowcat Systems Ltd. mst (at) shadowcatsystems.co.uk for more information
+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +
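The separation the thread is arguing about, as an added example (not from any of the posters): the URI layer joins query parameters with a plain '&' and percent-encodes the values, and HTML escaping is applied once, at the point where the finished URI or any other string is written into markup. It assumes the CPAN URI module is installed; the escape_html helper and the sample input are constructed for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI;   # assumption: the CPAN URI module is installed

# Constructed sample input standing in for an untrusted search term.
my $user_term = q{a&b=c"><b>x</b>};

# URI layer: query_form joins pairs with '&' and percent-encodes reserved
# characters in each value, so the '&' and '=' in $user_term cannot be
# mistaken for parameter separators.
my $uri = URI->new('http://example.com/search');
$uri->query_form(q => $user_term, page => 2);
print "URI as URI:   $uri\n";

# Output layer: escape for HTML only when writing into markup. The '&'
# separators become '&amp;' here, and any '<', '>' or '"' in text that was
# never percent-encoded (the echoed term below) cannot break out of the
# surrounding element or attribute.
sub escape_html {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    return $s;
}

printf qq{<a href="%s">search again</a>\n}, escape_html("$uri");
printf qq{<p>Results for %s</p>\n},          escape_html($user_term);
```

Applying escape_html at every output point by hand is exactly the discipline the Catalyst view above makes automatic: with an escaping stash, the template engine performs this step for every interpolated variable, so a forgotten filter does not become an injection point.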