summaryrefslogtreecommitdiff
path: root/git-applypatch.sh
diff options
context:
space:
mode:
authorLibravatar Jakub Narebski <jnareb@gmail.com>2007-03-07 02:21:25 +0100
committerLibravatar Junio C Hamano <junkio@cox.net>2007-03-24 22:25:47 -0700
commit346d5e1835937d701785300717ce34f92609c2b3 (patch)
tree68d0b3f593bd5dcec6da77cb66e450944898c237 /git-applypatch.sh
parentgitweb: Change to use explicitly function call cgi->escapHTML() (diff)
downloadtgif-346d5e1835937d701785300717ce34f92609c2b3.tar.xz
gitweb: Don't escape attributes in CGI.pm HTML methods
There is no need to escape HTML tag's attributes in CGI.pm HTML methods (like CGI::a()), because CGI.pm does attribute escaping automatically. $cgi->a({ ... -attribute => atribute_value }, tag_contents) is translated to <a ... attribute="attribute_value">tag_contents</a> The rules for escaping attribute values (which are string contents) are different. For example you have to take care about escaping embedded '"' and "'" characters; CGI::a() does that for us automatically. CGI::a() does not HTML escape tag_contents; we would need to write <a href="URL">some <b>bold</b> text</a> for example. So we use esc_html (or esc_path) to escape tag_contents as needed. Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
Diffstat (limited to 'git-applypatch.sh')
0 files changed, 0 insertions, 0 deletions