You are viewing a plain text version of this content. The canonical link for it is here.
Posted to embperl@perl.apache.org by Trey Hyde <Ri...@cnet.com> on 2006/08/21 23:23:36 UTC
Autoescaping using syntax modes
For various reasons, we have escmode set to 0 globally in our
application. I'm in the process of converting said application to
embperl 2 and I'd like to take advantage of the extendable syntax modes
and do escaping a little more transparently (rather than the explicit
escaping we are doing now).
This working fine for attribute values like:
$self->AddTag("input", ["id", "name", "type", "value"], undef(),
undef(),
{ perlcode => q{
_ep_sa(%$n%, 'value', $epreq->Escape(%&'value%, 5));
}});
But I'm having a little trouble with textareas.
Given this input,
<textarea name="foo">test</textarea>
and
$self->AddTag("textarea", ["id", "name", "rows", "cols"], undef(),
undef(),
{ perlcode => q{
print STDERR "|".XML::Embperl::DOM::Node::iChildsText(%$n%)."|
\n";
_ep_rp(%$x%,
$epreq->Escape(XML::Embperl::DOM::Node::iChildsText(%$n%), 5));
}});
I'd expect |test| in my logs. I'm getting ||. If I change "test" to
something that actually warrants escaping, I will still get the original
text, not the escaped text.
If I change it to
$self->AddTag("textarea", ["id", "name", "rows", "cols"], undef(),
undef(),
{ perlcode => q{
print STDERR "|".XML::Embperl::DOM::Node::iChildsText(%$n%)."|
\n";
_ep_rp(%$x%, $epreq->Escape("hello world", 5));
}});
I will actually get the following as embperl output.
<textarea name="foo">hello worldtest</textarea>
So I think I'm not understanding some of the functions or special
variables here. Can anyone lend some help? Thanks
Running Embperl 2.2 on Apache 1.3.29.
________________________________________________________________________
Richard "Trey" Hyde
Lead Software Engineer, CNET Channel
Richard.Hyde@cnet.com
RE: Autoescaping using syntax modes
Posted by Gerald Richter <ri...@ecos.de>.
>
> I wasn't expecting to see the <world> escaped in such a way.
> What is bizarre is that this behavior only seems to affect
> the first [+ +] block.
>
Embperl works this way to allow local $escmode to work in normal pages. If
you change $escmode and reset it again, the reset will done after the first
output. That is exactly what you are seeing.
You could use $epreq -> component -> curr_esc_mode instead, but you have to
enable it in xsbuilder/maps/ep_structure.map (remove the ! At the start of
the line) and run xsbuilder/source_scan.pl and xsbuilder/xs_generate.pl.
Afterwards rebuild Embperl.
Gerald
** Virus checked by BB-5000 Mailfilter **
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
RE: Autoescaping using syntax modes
Posted by Trey Hyde <Ri...@cnet.com>.
On Fri, 2006-09-01 at 06:03 +0200, Gerald Richter wrote:
> >
> > But I'm having a little trouble with textareas.
> >
> > Given this input,
> >
> > <textarea name="foo">test</textarea>
> >
> > and
> >
> > $self->AddTag("textarea", ["id", "name", "rows", "cols"],
> > undef(), undef(),
> > { perlcode => q{
> > print STDERR
> > "|".XML::Embperl::DOM::Node::iChildsText(%$n%)."|\n";
> > _ep_rp(%$x%,
> > $epreq->Escape(XML::Embperl::DOM::Node::iChildsText(%$n%), 5));
> > }});
> >
>
> If I remeber right out of my head you should use perlcodeend => instead of
> perlcode => because the XML::Embperl::DOM::Node::iChildsText needs to run at
> the end of the textarea.
>
> Gerald
FYI, it will probably be important to know that I'm running Apache
1.3.29 with Embperl 2.2.0.
I've changed my tact a bit, I'm specifying which tags I'd like contents
to be escaped on by doing the following inside of my syntaxmode.
$self->AddTag("input", ["id", "name", "type", "value", "size",
"maxlength"], undef(), undef(),
{ perlcode => 'local $escmode = 7;',
perlcodeend => 'local $escmode = 0;' }
This works very well, until I hit what looks like a scoping problem.
This code,
[- $escmode = 0; -]
[+ "<html>" +]
<head><title>esc test</title>
</head>
<body>
Hello<br/>
<form action="POST">
<input name="foo" />
</form>
<br />
[+ "<world>" +]
[+ "</body>" +]
[+ "</html>" +]
produces
<html>
<head><title>esc test</title>
</head>
<body>
Hello<br/>
<form action="POST">
<input name="foo" />
</form>
<br />
<world>
</body>
</html>
I wasn't expecting to see the <world> escaped in such a way. What is bizarre is that this behavior only seems to affect the first [+ +] block.
This:
[- $escmode = 0; -]
[+ "<html>" +]
<head><title>esc test</title>
</head>
<body>
Hello<br/>
<form action="POST">
<input name="foo" />
</form>
<br />
Escmode [+ $escmode +]
[+ "<world>" +]
[+ "</body>" +]
[+ "</html>" +]
produces this.
<html>
<head><title>esc test</title>
</head>
<body>
Hello<br/>
<form action="POST">
<input name="foo" />
</form>
<br />
Escmode 0
<world>
</body>
</html>
This verifies (I believe) that my AddTag code isn't leaving $escmode in
some sort of strange state. If I change the AddTag declaration to use
$escmode WITHOUT the local modifier, the same behavior happens.
Can anyone verify this is a bug or help me with a resolution? Thanks.
________________________________________________________________________
Richard "Trey" Hyde
Lead Software Engineer, CNET Channel
(949) 399 8722
Richard.Hyde@cnet.com
For technical support, please email channelsupport@cnet.com
RE: Autoescaping using syntax modes
Posted by Gerald Richter <ri...@ecos.de>.
>
> But I'm having a little trouble with textareas.
>
> Given this input,
>
> <textarea name="foo">test</textarea>
>
> and
>
> $self->AddTag("textarea", ["id", "name", "rows", "cols"],
> undef(), undef(),
> { perlcode => q{
> print STDERR
> "|".XML::Embperl::DOM::Node::iChildsText(%$n%)."|\n";
> _ep_rp(%$x%,
> $epreq->Escape(XML::Embperl::DOM::Node::iChildsText(%$n%), 5));
> }});
>
If I remeber right out of my head you should use perlcodeend => instead of
perlcode => because the XML::Embperl::DOM::Node::iChildsText needs to run at
the end of the textarea.
Gerald
** Virus checked by BB-5000 Mailfilter **
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org