diff options
| author |  Jakub Narebski <jnareb@gmail.com> | 2007-03-07 02:21:25 +0100 |
|---|---|---|
| committer |  Junio C Hamano <junkio@cox.net> | 2007-03-24 22:25:47 -0700 |
| commit | 346d5e1835937d701785300717ce34f92609c2b3 (patch) | |
| tree | 68d0b3f593bd5dcec6da77cb66e450944898c237 /builtin-runstatus.c | |
| parent | gitweb: Change to use explicitly function call cgi->escapHTML() (diff) | |
| download | tgif-346d5e1835937d701785300717ce34f92609c2b3.tar.xz | |
gitweb: Don't escape attributes in CGI.pm HTML methods
There is no need to escape HTML tag's attributes in CGI.pm
HTML methods (like CGI::a()), because CGI.pm does attribute
escaping automatically.
$cgi->a({ ... -attribute => atribute_value }, tag_contents)
is translated to
<a ... attribute="attribute_value">tag_contents</a>
The rules for escaping attribute values (which are string contents) are
different. For example you have to take care about escaping embedded '"'
and "'" characters; CGI::a() does that for us automatically.
CGI::a() does not HTML escape tag_contents; we would need to write
<a href="URL">some <b>bold</b> text</a>
for example. So we use esc_html (or esc_path) to escape tag_contents
as needed.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
Diffstat (limited to 'builtin-runstatus.c')
0 files changed, 0 insertions, 0 deletions