Commit edc04e9
gitweb: Don't escape attributes in CGI.pm HTML methods
There is no need to escape HTML tag's attributes in CGI.pm
HTML methods (like CGI::a()), because CGI.pm does attribute
escaping automatically.
$cgi->a({ ... -attribute => atribute_value }, tag_contents)
is translated to
<a ... attribute="attribute_value">tag_contents</a>
The rules for escaping attribute values (which are string contents) are
different. For example you have to take care about escaping embedded '"'
and "'" characters; CGI::a() does that for us automatically.
CGI::a() does not HTML escape tag_contents; we would need to write
<a href="URL">some <b>bold</b> text</a>
for example. So we use esc_html (or esc_path) to escape tag_contents
as needed.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>1 parent c390ae9 commit edc04e9
1 file changed
+3
-3
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1974 | 1974 | | |
1975 | 1975 | | |
1976 | 1976 | | |
1977 | | - | |
| 1977 | + | |
1978 | 1978 | | |
1979 | 1979 | | |
1980 | 1980 | | |
1981 | 1981 | | |
1982 | 1982 | | |
1983 | | - | |
| 1983 | + | |
1984 | 1984 | | |
1985 | 1985 | | |
1986 | 1986 | | |
1987 | | - | |
| 1987 | + | |
1988 | 1988 | | |
1989 | 1989 | | |
1990 | 1990 | | |
| |||
0 commit comments