Posted to dev@perl.apache.org by Stas Bekman <st...@stason.org> on 2004/10/06 00:37:28 UTC

[mp2] missing Apache::Util::escape_html

Marcus has just reminded me that Apache::Util::escape_html fell off our radars:
http://perl.apache.org/docs/2.0/user/porting/compat.html#C_Apache__Util__escape_html___

As the above URL suggests, Messiah is coming really soon now, or in other 
words, we were waiting for ap_escape_html to be reworked to not require a 
pool. As it didn't happen, how do we proceed? Just exposing the pool is a 
bad idea, as we come back to the known risk of a user using the wrong pool 
to allocate the memory and getting memory corrupted.

though todo/features_missing suggests:
* escape_html() - consider jeff baker's more robust implementation of
   my_escape_html(), which should probably be made in apache-2.0 itself
   (is there apache api? or just drop it)

Anybody has an idea what code is being mentioned here?

Of course we could just say: use HTML::Entities to do the work, but I 
believe it's slow(er?), as it's implemented in perl...

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@perl.apache.org
For additional commands, e-mail: dev-help@perl.apache.org


Re: [mp2] missing Apache::Util::escape_html

Posted by David Wheeler <da...@kineticode.com>.
On Oct 5, 2004, at 4:28 PM, Stas Bekman wrote:

> Let's see first how do we resolve that for mod_perl 2. And once we do, 
> remind us of this issue.
>
> Of course for mp1 you could use HTML::Entities, couldn't you?

I do.

Regards,

David




Re: [mp2] missing Apache::Util::escape_html

Posted by Stas Bekman <st...@stason.org>.
David Wheeler wrote:
> On Oct 5, 2004, at 4:15 PM, Philippe M. Chiasson wrote:
> 
>> How about resolving the issue by porting the my_escape_html()
>> from mp1 to mp2 ?
> 
> 
> Any chance we could get this issue resolved while we're at it?
> 
>   http://www.mail-archive.com/dev%40perl.apache.org/msg08065.html

Let's see first how do we resolve that for mod_perl 2. And once we do, 
remind us of this issue.

Of course for mp1 you could use HTML::Entities, couldn't you?


-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com



Re: [mp2] missing Apache::Util::escape_html

Posted by David Wheeler <da...@kineticode.com>.
On Oct 5, 2004, at 4:15 PM, Philippe M. Chiasson wrote:

> How about resolving the issue by porting the my_escape_html()
> from mp1 to mp2 ?

Any chance we could get this issue resolved while we're at it?

   http://www.mail-archive.com/dev%40perl.apache.org/msg08065.html

Regards,

David




Re: [mp2] missing Apache::Util::escape_html

Posted by Stas Bekman <st...@stason.org>.
Philippe M. Chiasson wrote:
[...]
>> though todo/features_missing suggests:
>> * escape_html() - consider jeff baker's more robust implementation of
>>    my_escape_html(), which should probably be made in apache-2.0 itself
>>    (is there apache api? or just drop it)
>>
>> Anybody has an idea what code is being mentioned here?
> 
> 
> AFAIK, it's in mod_perl 1.x src/modules/perl/Util.xs
> 
>> Of course we could just say: use HTML::Entities to do the work, but I 
>> believe it's slow(er?), as it's implemented in perl...
> 
> 
> How about resolving the issue by porting the my_escape_html()
> from mp1 to mp2 ?

+1, but can we somehow figure out what was jeff's better implementation? 
email jeff or something or try to google for it?



-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com



Re: [mp2] missing Apache::Util::escape_html

Posted by "Philippe M. Chiasson" <go...@ectoplasm.org>.

Stas Bekman wrote:
> Marcus has just reminded me that Apache::Util::escape_html fell off our radars:
> http://perl.apache.org/docs/2.0/user/porting/compat.html#C_Apache__Util__escape_html___
> 
> As the above URL suggests, Messiah is coming really soon now, or in other 
> words, we were waiting for ap_escape_html to be reworked to not require a 
> pool. As it didn't happen, how do we proceed? Just exposing the pool is a 
> bad idea, as we come back to the known risk of a user using the wrong pool 
> to allocate the memory and getting memory corrupted.

Agreed, it's not a good idea.

> though todo/features_missing suggests:
> * escape_html() - consider jeff baker's more robust implementation of
>    my_escape_html(), which should probably be made in apache-2.0 itself
>    (is there apache api? or just drop it)
> 
> Anybody has an idea what code is being mentioned here?

AFAIK, it's in mod_perl 1.x src/modules/perl/Util.xs

> Of course we could just say: use HTML::Entities to do the work, but I 
> believe it's slow(er?), as it's implemented in perl...

How about resolving the issue by porting the my_escape_html()
from mp1 to mp2 ?


-- 
--------------------------------------------------------------------------------
Philippe M. Chiasson m/gozer\@(apache|cpan|ectoplasm)\.org/ GPG KeyID : 88C3A5A5
http://gozer.ectoplasm.org/     F9BF E0C2 480E 7680 1AE5 3631 CB32 A107 88C3A5A5



Re: [mp2] missing Apache::Util::escape_html

Posted by "Philippe M. Chiasson" <go...@ectoplasm.org>.

Stas Bekman wrote:
> Geoffrey Young wrote:
> 
>>>Of course we could just say: use HTML::Entities to do the work, but I
>>>believe it's slow(er?), as it's implemented in perl...
>>
>>
>>I don't think it's our job to create a C implementation.  perl people have
>>HTML::Entities, which is excellent.  if they want something faster they can
>>code it themselves, start a new XS-based Entities, or whatever.  at this
>>stage in the game we need to keep our focus, which is apache and not html
>>generation.
>>
>>so, I'm +1 to forget all about an Apache::Util::escape_html in mp2 core.
> 
> 
> Works for me.

Works for me 2

> So should I just adjust:
> http://perl.apache.org/docs/2.0/user/porting/compat.html#C_Apache__Util__escape_html___
> to say, use HTML::Entities instead?

Yah!

> 

-- 
--------------------------------------------------------------------------------
Philippe M. Chiasson m/gozer\@(apache|cpan|ectoplasm)\.org/ GPG KeyID : 88C3A5A5
http://gozer.ectoplasm.org/     F9BF E0C2 480E 7680 1AE5 3631 CB32 A107 88C3A5A5



Re: [mp2] missing Apache::Util::escape_html

Posted by David Wheeler <da...@kineticode.com>.
On Oct 6, 2004, at 2:48 PM, Stas Bekman wrote:

> Nope. I've just assumed that you already read the doc before 
> submitting a bug report and it wasn't there. Indeed it already covers 
> that :)

D'oh!

Thanks,

David




Re: [mp2] missing Apache::Util::escape_html

Posted by Stas Bekman <st...@stason.org>.
David Wheeler wrote:
> On Oct 5, 2004, at 5:45 PM, Stas Bekman wrote:
> 
>> I wasn't suggesting that you do that, just asking for your opinion, 
>> but if you want to, that's great! There are two places that need to be 
>> fixed, one in Util.pm in the modperl source, the other is in 
>> src/docs/1.0/api/Apache/Util.pod.
> 
> 
> Oh, I see it already has:
> 
>> This function will correctly escape US-ASCII output. If you are using
>> a different character set such as UTF8, or need more control on
>> the escaping process, use HTML::Entities.
> 
> 
> Did you just add that?

Nope. I've just assumed that you already read the doc before submitting a 
bug report and it wasn't there. Indeed it already covers that :)

>> As mentioned before, patches are welcome. We certainly aren't going to 
>> spend any time on mp1 before 2.0 is released, or else 2.0 will never 
>> get released...

> Understood. Keep up the good work on 2.0!

;)


-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com



Re: [mp2] missing Apache::Util::escape_html

Posted by David Wheeler <da...@kineticode.com>.
On Oct 5, 2004, at 5:45 PM, Stas Bekman wrote:

> I wasn't suggesting that you do that, just asking for your opinion, 
> but if you want to, that's great! There are two places that need to be 
> fixed, one in Util.pm in the modperl source, the other is in 
> src/docs/1.0/api/Apache/Util.pod.

Oh, I see it already has:

> This function will correctly escape US-ASCII output. If you are using
> a different character set such as UTF8, or need more control on
> the escaping process, use HTML::Entities.

Did you just add that?

> As mentioned before, patches are welcome. We certainly aren't going to 
> spend any time on mp1 before 2.0 is released, or else 2.0 will never 
> get released...

Understood. Keep up the good work on 2.0!

Regards,

David




Re: [mp2] missing Apache::Util::escape_html

Posted by Stas Bekman <st...@stason.org>.
David Wheeler wrote:
> On Oct 5, 2004, at 5:25 PM, Stas Bekman wrote:
> 
>> So David, I guess we will do the same for mp1 too?
>> http://perl.apache.org/docs/1.0/api/Apache/Util.html
> 
> 
> Since when did I become the maintainer of mp1? ;-)

I wasn't suggesting that you do that, just asking for your opinion, but if 
you want to, that's great! There are two places that need to be fixed, one 
in Util.pm in the modperl source, the other is in 
src/docs/1.0/api/Apache/Util.pod.

> Yeah, I can document it, but it'd be nice to see it fixed, too.

As mentioned before, patches are welcome. We certainly aren't going to 
spend any time on mp1 before 2.0 is released, or else 2.0 will never get 
released...


-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com



Re: [mp2] missing Apache::Util::escape_html

Posted by David Wheeler <da...@kineticode.com>.
On Oct 5, 2004, at 5:25 PM, Stas Bekman wrote:

> So David, I guess we will do the same for mp1 too?
> http://perl.apache.org/docs/1.0/api/Apache/Util.html

Since when did I become the maintainer of mp1? ;-)

Yeah, I can document it, but it'd be nice to see it fixed, too.

Regards,

David




Re: [mp2] missing Apache::Util::escape_html

Posted by Stas Bekman <st...@stason.org>.
David Wheeler wrote:
> On Oct 5, 2004, at 5:04 PM, Stas Bekman wrote:
> 
>>> so, I'm +1 to forget all about an Apache::Util::escape_html in mp2  
>>> core.
>>
>>
>> Works for me.
>>
>> So should I just adjust:
>> http://perl.apache.org/docs/2.0/user/porting/compat.html#C_Apache__Util__escape_html___
>> to say, use HTML::Entities instead?
> 
> 
> Yes, better a pointer to a correct but slow implementation than to have  
> a broken one (as in mp1's escape_html).

So David, I guess we will do the same for mp1 too?
http://perl.apache.org/docs/1.0/api/Apache/Util.html

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com



Re: [mp2] missing Apache::Util::escape_html

Posted by David Wheeler <da...@kineticode.com>.
On Oct 5, 2004, at 5:04 PM, Stas Bekman wrote:

>> so, I'm +1 to forget all about an Apache::Util::escape_html in mp2  
>> core.
>
> Works for me.
>
> So should I just adjust:
> http://perl.apache.org/docs/2.0/user/porting/compat.html#C_Apache__Util__escape_html___
> to say, use HTML::Entities instead?

Yes, better a pointer to a correct but slow implementation than to have  
a broken one (as in mp1's escape_html).

Regards,

David




Re: [mp2] missing Apache::Util::escape_html

Posted by Stas Bekman <st...@stason.org>.
Geoffrey Young wrote:
>>Of course we could just say: use HTML::Entities to do the work, but I
>>believe it's slow(er?), as it's implemented in perl...
> 
> 
> I don't think it's our job to create a C implementation.  perl people have
> HTML::Entities, which is excellent.  if they want something faster they can
> code it themselves, start a new XS-based Entities, or whatever.  at this
> stage in the game we need to keep our focus, which is apache and not html
> generation.
> 
> so, I'm +1 to forget all about an Apache::Util::escape_html in mp2 core.

Works for me.

So should I just adjust:
http://perl.apache.org/docs/2.0/user/porting/compat.html#C_Apache__Util__escape_html___
to say, use HTML::Entities instead?


-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com



Re: [mp2] missing Apache::Util::escape_html

Posted by Geoffrey Young <ge...@modperlcookbook.org>.
> Of course we could just say: use HTML::Entities to do the work, but I
> believe it's slow(er?), as it's implemented in perl...

I don't think it's our job to create a C implementation.  perl people have
HTML::Entities, which is excellent.  if they want something faster they can
code it themselves, start a new XS-based Entities, or whatever.  at this
stage in the game we need to keep our focus, which is apache and not html
generation.

so, I'm +1 to forget all about an Apache::Util::escape_html in mp2 core.

--Geoff



Re: [mp2] missing Apache::Util::escape_html

Posted by David Wheeler <da...@kineticode.com>.
On Oct 5, 2004, at 4:25 PM, Stas Bekman wrote:

> So there is no CPAN lib that does that in C?

Not that I know of. But keeping track of the flag should be dead 
simple. See the Encode sources. No, let me share them with you:

SV *
_utf8_on(sv)
SV *    sv
CODE:
{
    if (SvPOK(sv)) {
        SV *rsv = newSViv(SvUTF8(sv));
        RETVAL = rsv;
        SvUTF8_on(sv);
    } else {
        RETVAL = &PL_sv_undef;
    }
}
OUTPUT:
    RETVAL

SV *
_utf8_off(sv)
SV *    sv
CODE:
{
    if (SvPOK(sv)) {
        SV *rsv = newSViv(SvUTF8(sv));
        RETVAL = rsv;
        SvUTF8_off(sv);
    } else {
        RETVAL = &PL_sv_undef;
    }
}
OUTPUT:
    RETVAL

> Or are you by chance familiar with the work by jeff baker (which is 
> supposedly written in C)? maybe it deals correctly with that issue?

No, and a quick Googling only gives me links to the ToDo list (and to 
"The Fabulous Baker Boys" DVD: Michelle Pfeiffer, YUM!).

Ahem.

> Alternatively we could just borrow ap_escape_html and rewrite it to 
> not use the pool, but Perl's memory allocator.

/me doesn't care, as long as utf8 works properly.

Regards,

David




Re: [mp2] missing Apache::Util::escape_html

Posted by Stas Bekman <st...@stason.org>.
Philippe M. Chiasson wrote:
[...]
>> Alternatively we could just borrow ap_escape_html and rewrite it to 
>> not use the pool, but Perl's memory allocator.
> 
> 
> Or just use ap_escape_html but create/destroy a temporary pool for it to
> use ?

-1, you will need to copy the string twice to move it into the Perl 
allocation (which we do with relative_docroot and it sucks!)


-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com



Re: [mp2] missing Apache::Util::escape_html

Posted by "Philippe M. Chiasson" <go...@ectoplasm.org>.

Stas Bekman wrote:
> David Wheeler wrote:
> 
>>On Oct 5, 2004, at 3:37 PM, Stas Bekman wrote:
>>
>>
>>>Of course we could just say: use HTML::Entities to do the work, but I 
>>>believe it's slow(er?), as it's implemented in perl...
> 
> 
>>It is slower, but it's also more correct, in that it doesn't turn off the 
>>utf8 flag of the strings passed to it.
> 
> 
> So there is no CPAN lib that does that in C? Or are you by chance familiar 
> with the work by jeff baker (which is supposedly written in C)? maybe it 
> deals correctly with that issue?
> 
> Alternatively we could just borrow ap_escape_html and rewrite it to not 
> use the pool, but Perl's memory allocator.

Or just use ap_escape_html but create/destroy a temporary pool for it to
use ?

> 

-- 
--------------------------------------------------------------------------------
Philippe M. Chiasson m/gozer\@(apache|cpan|ectoplasm)\.org/ GPG KeyID : 88C3A5A5
http://gozer.ectoplasm.org/     F9BF E0C2 480E 7680 1AE5 3631 CB32 A107 88C3A5A5



Re: [mp2] missing Apache::Util::escape_html

Posted by Stas Bekman <st...@stason.org>.
David Wheeler wrote:
> On Oct 5, 2004, at 3:37 PM, Stas Bekman wrote:
> 
>> Of course we could just say: use HTML::Entities to do the work, but I 
>> believe it's slow(er?), as it's implemented in perl...

> It is slower, but it's also more correct, in that it doesn't turn off the 
> utf8 flag of the strings passed to it.

So there is no CPAN lib that does that in C? Or are you by chance familiar 
with the work by jeff baker (which is supposedly written in C)? maybe it 
deals correctly with that issue?

Alternatively we could just borrow ap_escape_html and rewrite it to not 
use the pool, but Perl's memory allocator.


-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
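
Added example, not part of the original thread and not mod_perl or Apache code: one way to write the pool-free escaping routine proposed in the message above, with the caller supplying the allocator so that no APR pool is involved. The names escape_html_alloc and escaped_html_len, the alloc callback (malloc stands in for Perl's allocator here) and the four-character escape set are assumptions of this example; bytes >= 0x80 are copied unchanged, so UTF-8 sequences survive intact.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Entity for one input byte, or NULL when the byte is copied unchanged.
 * The four-character set is an assumption of this example. */
static const char *entity_for(unsigned char c)
{
    switch (c) {
    case '<': return "&lt;";
    case '>': return "&gt;";
    case '&': return "&amp;";
    case '"': return "&quot;";
    default:  return NULL;  /* includes bytes >= 0x80 (UTF-8 sequences) */
    }
}

/* Pass 1: exact escaped length, excluding the trailing NUL.
 * Returns SIZE_MAX if the result would not fit in a size_t. */
size_t escaped_html_len(const char *src, size_t len)
{
    size_t out = 0;
    for (size_t i = 0; i < len; i++) {
        const char *ent = entity_for((unsigned char)src[i]);
        size_t add = ent ? strlen(ent) : 1;
        if (add >= SIZE_MAX - out)
            return SIZE_MAX;
        out += add;
    }
    return out;
}

/* Pass 2: escape into one buffer taken from the caller's allocator.
 * The input is length-delimited, so embedded NUL bytes are preserved.
 * Returns NULL on overflow or allocation failure. */
char *escape_html_alloc(const char *src, size_t len,
                        void *(*alloc)(size_t), size_t *out_len)
{
    size_t need = escaped_html_len(src, len);
    if (need == SIZE_MAX)
        return NULL;
    char *dst = alloc(need + 1);
    if (dst == NULL)
        return NULL;
    char *p = dst;
    for (size_t i = 0; i < len; i++) {
        const char *ent = entity_for((unsigned char)src[i]);
        if (ent) {
            size_t n = strlen(ent);
            memcpy(p, ent, n);
            p += n;
        } else {
            *p++ = src[i];
        }
    }
    *p = '\0';
    if (out_len)
        *out_len = need;
    return dst;
}

int main(void)
{
    /* Constructed input: "café" encoded as UTF-8, followed by markup. */
    const char in[] = "caf\xc3\xa9 <b>\"A&B\"</b>";
    size_t n = 0;
    char *out = escape_html_alloc(in, sizeof in - 1, malloc, &n);
    if (out == NULL)
        return 1;
    printf("%zu bytes: %s\n", n, out);
    free(out);
    return 0;
}
```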



Re: [mp2] missing Apache::Util::escape_html

Posted by David Wheeler <da...@kineticode.com>.
On Oct 5, 2004, at 3:37 PM, Stas Bekman wrote:

> Of course we could just say: use HTML::Entities to do the work, but I 
> believe it's slow(er?), as it's implemented in perl...

It is slower, but it's also more correct, in that it doesn't turn off 
the utf8 flag of the strings passed to it.

Regards,

David

