Bug in URI ?!
Dominic Mitchell
dom at happygiraffe.net
Wed Aug 16 22:00:17 BST 2006
Matt S Trout wrote:
> Dominic Mitchell wrote:
>> David Dorward wrote:
>>> Paul Makepeace wrote:
>>>> URI::_query::query_form() which makes query strings:
>>>>
>>>> $self->query(@query ? join('&', @query) : undef);
>>>>
>>>> Now as anyone in web standards knows, that ought to be '&amp;'.
>>>
>>> Only if the URI is being written in HTML. Since, to judge from the
>>> module name, it is just a URL there shouldn't be any markup language
>>> specific encoding going on. Once you have the URI you should run it
>>> through a suitable encoding method before using it in markup though.
>>
>> Once again, this highlights how poor our tools are... If templating
>> systems did HTML escaping by default, this wouldn't be an issue (i.e.
>> having to remember to html encode all strings that could possibly
>> contain user input). When will our frameworks grow up?
>
> They already did, you just weren't looking.
>
> package MyApp::View::HTML;
>
> use base qw/Catalyst::View::TT/;
> use Template::Stash::EscapeHTML;
>
> __PACKAGE__->config(
>     # stash that HTML-escapes values as templates read them
>     STASH => Template::Stash::EscapeHTML->new
> );
>
> 1;
That's brilliant -- thank you! The only other system I know of that
does this is HTML::Mason...
-Dom
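
The two layers discussed in this thread, as an added example that is not part of the original messages: the URI module builds the query string with a bare '&', and the HTML encoding happens only when the URI is written into markup. The example.org URL, the parameter names and the helper names build_uri and render are constructed for illustration.

```perl
use strict;
use warnings;
use URI;
use Template;
use HTML::Entities qw(decode_entities);

# Layer 1: the URI. query_form percent-encodes keys and values and joins
# the pairs with a bare '&', which is right for a URI on its own.
sub build_uri {
    my ($base, @pairs) = @_;
    my $uri = URI->new($base);
    $uri->query_form(@pairs);
    return $uri->as_string;
}

# Layer 2: the markup. Render a template string with Template Toolkit,
# passing the URI in as the variable 'uri'.
sub render {
    my ($template, $uri) = @_;
    my $tt = Template->new or die Template->error;
    my $out = '';
    $tt->process(\$template, { uri => $uri }, \$out) or die $tt->error;
    return $out;
}

# Constructed sample input
my $uri = build_uri('http://example.org/search', q => 'fish & chips', lang => 'en');

# Same URI, once written raw and once through TT's built-in html filter
my $raw     = render('<a href="[% uri %]">results</a>',        $uri);
my $escaped = render('<a href="[% uri | html %]">results</a>', $uri);

print "URI:     $uri\n";
print "raw:     $raw\n";
print "escaped: $escaped\n";

# Decoding the escaped attribute value gives back the exact URI, so the
# HTML layer has not changed what the link points at.
my ($attr) = $escaped =~ /href="([^"]*)"/;
print "round trip: ", (decode_entities($attr) eq $uri ? "ok" : "MISMATCH"), "\n";
```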