Posted to embperl@perl.apache.org by Robert <ro...@robert.cz> on 2001/11/06 11:57:55 UTC

Stupid quoting question

Hi,

  I must be overlooking something very simple but what should I do with

	[- $fdat{xxx} = 'x"xx' -]
	<input name=xxx>

Embperl generates

	<input name=xxx value="x"xx">

which is of course not exactly what I need. The field values really
come from DB/Recordset if it makes any difference.

Thanks for your help

- Robert

---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org


Re: Stupid quoting question

Posted by Robert <ro...@robert.cz>.
Andrew O'Brien wrote:
> 
> Well, it depends on how many places :) I would regard it as a bug that
> $escmode was not 3 ... 

I agree it's a bug. I'm going to fix it... sooner or later.

> You'll just have to prefix the above snippets with "local $escmode=0;
> blah" .... there are a lot of places where printing raw HTML to OUT
> can be avoided with a little bit of effort and I've found it usually
> makes things clearer to other readers of your code. Just a thought.

I'm mostly using it when developing new stuff so in production use it
should be quite rare. I'll have to check every page though, which is going
to be a rather tedious process...

> Still - there's nothing wrong with $escmode=0 as long as you sanitise
> every %fdat and %fdat-derived variable yourself before you print it :)

Uhm, I'll skip this one. In theory, all my sites are as secure as
possible... ;-)

- R.



Re: Stupid quoting question

Posted by Andrew O'Brien <an...@switchonline.com.au>.
On Tue, Nov 06, 2001 at 01:59:03PM +0100, Robert wrote:
> Gerald Richter wrote:
> > 
> > > Embperl generates
> > >
> > > <input name=xxx value="x"xx">
> > >
> > 
> > Looks like your escmode isn't set correctly, should be 3. You can verify the
> > value by inserting
> > 
> > [+ $escmode +]
> > 
> > just before your input
> 
> 
> Aha, yes, of course, thanks. Now I remember - I wanted to be able to
> write stuff like 
> 
> 	[- 
> 		...
> 		print OUT Dumper(\%fdat), "<hr>";
> 		...
> 	-]
> 
> mostly for debugging etc, that's why I turned $escmode to 0. But I never
> realized I was heading for "x"xx"-like problems. I'm probably using
> idioms like [+ join "<hr>", map { /xxx/ } @arr +] all over the place...
> There's no easy fix for me, is there?

Well, it depends on how many places :) I would regard it as a bug that
$escmode was not 3 ... in fact one of the other developers here
registered a bug against my website that $escmode was not 7 :)

You'll just have to prefix the above snippets with "local $escmode=0;
blah" .... there are a lot of places where printing raw HTML to OUT
can be avoided with a little bit of effort and I've found it usually
makes things clearer to other readers of your code. Just a thought.

Still - there's nothing wrong with $escmode=0 as long as you sanitise
every %fdat and %fdat-derived variable yourself before you print it :)

-- 
 Andrew O'Brien                                                               
 Product Engineer                        email: andrewo@switchonline.com.au.
 Switch Online Group Pty Limited         phone: +61 2 9299 1133             
 ABN 89 092 286 327                      fax: +61 2 9299 1134             
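
What "sanitise it yourself" amounts to when $escmode is 0, as an added example in plain Perl (not code from the thread or from Embperl): esc_html, input_tag and debug_dump are hypothetical helpers, and the %fdat contents are constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper;

# Characters that must be replaced before a value is placed in HTML text
# or inside a double-quoted attribute. '&' is replaced in the same pass,
# so the entities produced here are never escaped a second time.
my %ENT = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
           '"' => '&quot;', "'" => '&#39;');

sub esc_html {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/([&<>"'])/$ENT{$1}/g;
    return $s;
}

# Build the <input> from the thread with the value always quoted and
# escaped (hypothetical helper, not an Embperl function).
sub input_tag {
    my ($name, $value) = @_;
    return sprintf '<input name="%s" value="%s">',
        esc_html($name), esc_html($value);
}

# Debug dump that is safe to print raw: the dumped data is escaped first,
# and only the markup added here (<pre>, <hr>) reaches the browser as HTML.
sub debug_dump {
    my ($h) = @_;
    local $Data::Dumper::Sortkeys = 1;   # stable key order
    return '<pre>' . esc_html(Dumper($h)) . "</pre><hr>\n";
}

# Constructed sample form data, including the value from the thread.
my %fdat = (xxx => 'x"xx', note => '<b>& more</b>');

print input_tag('xxx', $fdat{xxx}), "\n";
print debug_dump(\%fdat);
```
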



Re: Stupid quoting question

Posted by Robert <ro...@robert.cz>.
Gerald Richter wrote:
> 
> > Embperl generates
> >
> > <input name=xxx value="x"xx">
> >
> 
> Looks like your escmode isn't set correctly, should be 3. You can verify the
> value by inserting
> 
> [+ $escmode +]
> 
> just before your input


Aha, yes, of course, thanks. Now I remember - I wanted to be able to
write stuff like 

	[- 
		...
		print OUT Dumper(\%fdat), "<hr>";
		...
	-]

mostly for debugging etc, that's why I turned $escmode to 0. But I never
realized I was heading for "x"xx"-like problems. I'm probably using
idioms like [+ join "<hr>", map { /xxx/ } @arr +] all over the place...
There's no easy fix for me, is there?

- R.



Re: Stupid quoting question

Posted by Gerald Richter <ri...@ecos.de>.
Hi,
>
>
> Embperl generates
>
> <input name=xxx value="x"xx">
>

Looks like your escmode isn't set correctly, should be 3. You can verify the
value by inserting

[+ $escmode +]

just before your input

Gerald


-------------------------------------------------------------
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:       Tulpenstrasse 5         D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de         Voice:    +49 6133 925131
WWW:        http://www.ecos.de      Fax:      +49 6133 925152
-------------------------------------------------------------



