Bug in URI ?!

Dominic Mitchell dom at happygiraffe.net
Wed Aug 16 22:00:17 BST 2006


Matt S Trout wrote:
> Dominic Mitchell wrote:
>> David Dorward wrote:
>>> Paul Makepeace wrote:
>>>> URI::_query::query_form() which makes query strings:
>>>>
>>>>  $self->query(@query ? join('&', @query) : undef);
>>>>
>>>> Now as anyone in web standards knows, that ought to be '&amp;'.
>>>
>>> Only if the URI is being written in HTML. Since, to judge from the
>>> module name, it is just a URL there shouldn't be any markup language
>>> specific encoding going on. Once you have the URI you should run it
>>> through a suitable encoding method before using it in markup though.
>>
>> Once again, this highlights how poor our tools are...  If templating 
>> systems did HTML escaping by default, this wouldn't be an issue (i.e. 
>> having to remember to html encode all strings that could possibly 
>> contain user input).  When will our frameworks grow up?
> 
> They already did, you just weren't looking.
> 
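> package MyApp::View::HTML;
> 
> use base qw/Catalyst::View::TT/;
> use Template::Stash::EscapeHTML;
> 
> # Swap in a stash that HTML-escapes every value the templates print.
> __PACKAGE__->config(
>   STASH => Template::Stash::EscapeHTML->new
> );
> 
> 1;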

That's brilliant -- thank you!  The only other system I know of that 
does this is HTML::Mason...

-Dom
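
The two layers discussed in this thread, as an added example that is not part of the original messages: URI joins query pairs with a plain '&', and HTML escaping is applied separately at the point the URI is written into markup. The host name, parameter values and the href_attr helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI;
use HTML::Entities qw(encode_entities);

# Constructed sample input: a search term as it might arrive from a form field.
my %params = (q => 'fish & chips "<b>"', page => 2);

# Layer 1: URI builds the query string. Values are percent-encoded and the
# pairs are joined with a plain '&', which is correct for a URI used on its
# own (redirects, log lines, outgoing HTTP requests).
my $uri = URI->new('http://example.org/search');
$uri->query_form(map { $_ => $params{$_} } sort keys %params);
my $raw = $uri->as_string;

# Layer 2: HTML escaping, applied only when the URI goes into markup.
# Inside the attribute value the '&' separator becomes '&amp;'.
# (href_attr is a hypothetical helper name, not part of URI or Catalyst.)
sub href_attr {
    my ($url) = @_;
    return encode_entities($url, q{<>&"'});
}

# The same untrusted value reused as link text needs escaping too; it never
# passed through URI, so nothing has neutralised its '<', '>' or '"'.
my $label = encode_entities($params{q}, q{<>&"'});

printf "URI:  %s\n", $raw;
printf "HTML: <a href=\"%s\">%s</a>\n", href_attr($raw), $label;
```

An auto-escaping stash such as the one quoted above performs the second layer for every template value, so a forgotten call to an escaping helper no longer leaves raw user input in the page.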

